Search Results

All Results 435
Commerce modules fail to deploy following license expiration
Note: Liferay has renamed its Liferay Experience Cloud offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue There has been a documented case where Commerce modules fail to...
Disable Email Verification in DXP 7.3
Issue In DXP 7.3, new users have to verify their email address in their initial login. I want to disable this verification requirement. Environment DXP 7.3   Resolution In DXP 7.3, the default value for...
Got the error "saml-hook.war does not support this version of Liferay" after deploying the Liferay Connector to SAML 2.0 lpkg
Issue Got the error saml-hook.war does not support this version of Liferay in log after deploying the SAML 2.0 lpkg (version 6.0.0) on DXP 7.1 fix pack dxp-18 Environment Liferay DXP 7.1 Resolution The root cause for...
LDAP Performance Issues after upgrading from 6.2 to 7.2
Issue Seeing some slowness authenticating with LDAP after upgrading from 6.2 to 7.2. Environment DXP 7.2 [Upgraded from 6.2] Resolution Install Fix Pack 9 or a hotfix that includes LPS-122832 and run the upgrade process...
How to prevent user enumeration attacks through the Forgot Password functionality
Issue Insecure default configuration may allow remote attackers to enumerate users' email addresses via the forgot password functionality. This can be a risk in the case of public-facing deployments. Environment...
SAML changes post upgrade from DXP 7.0 to higher version
Issue SAML authentication is being used in DXP 7.0. After upgrading DXP 7.0 to a higher version, how is SAML configured in the upgraded environment? Environment Liferay DXP 7.1 Liferay DXP 7.2...
Session Timeout value is overridden during fix pack upgrade
Issue During installation of a fix pack, the value of <session-timeout> is reset to default within web.xml. Can the value of session timeout be changed 'permanently'? Environment DXP 7.2 Resolution Currently,...
Add custom certificate in SAML configuration
Issue As part of the SAML configuration, it is possible to generate a Certificate and a Private Key. This generates both a self-signed key and a container storekey (in $LIFERAY_HOME/data/keystore.jks by default)....
Denied resolving class [...] error is shown in custom FreeMarker/Velocity templates (LSV-658)
Issue Custom FreeMarker and Velocity templates generate the following error after installing a fix pack: Denied resolving class [...] by org.apache Environment Liferay DXP 7.0 FP92+ Liferay DXP 7.1...
Changing password forces users to log in again
Issue Changing password invalidates current sessions and the users have to log in again. 2020-02-07 13:08:37.558 ERROR [http-nio-8080-exec-2][PortletServlet:112] javax.portlet.PortletException:...
Session Hijacking issue with https connection
Issue By replacing the sessionId of a logged-in user, the user's session from another browser is replicated. Steps to reproduce Create 2 users like u1, u2 Assign the role for the u1 as "Power user", u2 as "Portal...
Integration of SiteMinder SSO
Issue How to integrate SiteMinder SSO with Liferay Environment Liferay DXP 7.0 Resolution By default, token-based authentication is disabled in Liferay. To manage it, refer to this document Token-based...
Using Active directory, after changing the user password, still user is able to login using the old password
Issue Using Active directory, after changing the user password, still, a user is able to login using the old password Environment Liferay portal 6.2  Resolution Under Control Panel -> Portal Settings ->...
404 error when downloading module "com.liferay.saml.opensaml.integration" from Release Notes page
Issue Getting a 404 error when downloading module "com.liferay.saml.opensaml.integration" from Release Notes page. Environment Liferay DXP 7.2 Resolution The module for  "com.liferay.saml.opensaml.integration" can be...
Is Liferay Product affected by OpenSSL security issue CVE-2020-1967?
Issue Is Liferay Product affected by OpenSSL security issue CVE-2020-1967? Environment Liferay DXP 7.1 Resolution Since Liferay products do not come with OpenSSL built-in, Liferay is not affected by CVE-2020-1967 out of the...
Why can't I see the name of the resource in the Audit app?
Issue I am an Administrator in Liferay DXP Someone deleted an asset (for example an Organization) I check the events in the Audit app (Control Panel > Configuration > Audit) I open the delete event I can only see the...
Encryption keys that can be used in Liferay
Issue How to disable/stop using DES, as it poses a security threat. Environment Liferay DXP 7.0 Resolution The encryption keys that can be used on the Liferay end are: # For more details about encryption keys, see the Java...
Can SAML or LDAP be accessed via Liferay APIs?
Issue We would like to remotely configure SAML and/or LDAP authentication using Liferay APIs. Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Resolution Neither SAML nor LDAP APIs are publicly exposed...
Configuring Liferay to display CAPTCHAs with numbers only - 7.2
Issue Configuring Liferay to display CAPTCHAs with numbers only instead of alphanumeric characters. Environment This issue affects Liferay 7.2 Resolution While the default CAPTCHAs in Liferay generated by...
Import nested groups and users from Microsoft Active Directory
Issue What configuration is needed in Liferay so that the nested groups and the users are imported from AD? Environment DXP 7.2 DXP 7.1 DXP 7.0 Resolution Change the User attribute of the Group Mapping in the LDAP server...
Users are being logged in as some other user
Issue When any user logs into the portal, they see the user profile of another user instead of seeing their own profile. Environment Liferay DXP 7.0 Resolution There are usually two root causes for the...
Liferay's OpenID Connect implementation and Single Logout
Issue Does Liferay's OpenID Connect implementation support Single Logout? Environment Liferay DXP 7.1/7.2 Resolution Liferay's current OpenID Connect (OIDC) integration only implements parts of the Final specifications,...
Using one user's JSessionID any logged in user can access the respective user's session
Issue One user's session is accessed by knowing the respective user's JSessionID. Steps for reference: 1) 2 users (say: User A and User B) 2) User "A" logs-in to the system 3) Now, user "A" has one Jession...
LDAP users are unable to log in
Issue Users who are present in LDAP are unable to perform login into Liferay and the below error was observed at the server console. ERROR [liferay/scheduler_dispatch-4][PortalLDAPImporterImpl:717] Unable...
Does Liferay DXP 7.1 support HTTP headers?
Issue Does Liferay DXP 7.1 support the following HTTP headers: "X-Frame-Options", "X-XSS-Protection" and "X-Content-Type-Options"? If not, what changes have to be done from the application side to enable...
TLS v1.2 in Liferay DXP 7.1
Issue Due to security vulnerabilities in TLS v1.0, it should be upgraded to TLS v1.2. 1. Does Liferay DXP 7.1 support TLS v1.2? 2. If it does, how can it be used/upgraded in Liferay DXP 7.1?...
Unable to import LDAP telephoneNumber into Liferay phone in the Contact page
Issue Unable to import LDAP telephoneNumber (in Microsoft Active Directory) into Liferay Contact Information -> Phone Numbers on the Contact page. Environment Liferay DXP 7.1 Resolution Only attributes listed in...
HTTPS Access Portal Problems
Issue When users try to access the portal using the https protocol, the portal redirects to the http protocol and pages are not displayed correctly. The https protocol was configured in load balancers and application...
NTLM authentication failed due to "Logon failure: unknown user name or bad password" error
Issue Users are unable to log in through NTLM due to the following WARN: 2019-08-29 05:55:28.671 WARN [http-nio-8080-exec-5][Netlogon:104] Unable to authenticate user emma: Logon failure: unknown user name or bad password....
Password is visible as plain text in the user's browser console
Issue When a user tries to log in to Liferay via Liferay's default Sign-In portlet, the user's password shows in the browser console as plain text. Environment Liferay DXP 7.0-7.4 Resolution This is not a Liferay issue....
SAML SLO is not working when using two Liferay servers in my machine
Issue We configured 2 Liferay Servers in my machine, one as Service Provider and the other as Identity Provider. We managed to perform the login through IdP. The issue happens when we try to logout the user in SP....
LDAP users are unable to log in (Caused by: java.net.SocketException: Connection reset)
Issue If LDAP is configured and LDAP users try to log in, authentication fails and the following error appears in the server console. ERROR...
AntiSamy - Document description field not sanitized
Issue While the title of a document cannot contain a tag or script, tags and scripts can be published in the description section. Environment Liferay DXP 7.0 Resolution The AntiSamy module filters on specific...
How to reproduce https:// problems on localhost
Issue If we are using the https protocol, the related use cases are hard to reproduce on localhost Environment Liferay DXP 7.0 Liferay DXP 7.1 Use Firefox (Firefox is recommended, as Chrome does not allow self-signed...
Security Advisory for CVE-2019-2729 for Oracle WebLogic
Issue Oracle has issued a security alert for Oracle WebLogic wherein a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services has been detected. The following resource and information are...
How to configure the "check-auth-token" parameter within an OSGi portlet?
Issue The current Liferay DXP portal properties file contains the following for the "check-auth-token" parameter: # # Set this to true to enable authentication token security checks. The # checks can be disabled...
Password is visible as plain text in LDAP request
Issue When intercepting the LDAP request using any third-party tool (e.g. Wireshark), the password is visible as plain text Environment Liferay 7.0 Resolution Enabling LDAP over SSL will transmit the credentials...
Data Protection for Liferay Services and Software
This whitepaper describes the data protection policies of Liferay DXP and describes Liferay's approach to protect personal data in compliance with local regulatory requirements such as GDPR. The paper is available for...
Liferay DXP Application Security Features
This document provides an overview of application-level security features in Liferay DXP. It discusses transport security, encryption, web services, SSO, OAuth, and more. The paper is available for download here...
Liferay Security Development Overview
This paper provides an overview of the processes used during development and testing of Liferay products. Combined, these processes ensure that Liferay’s customers can have confidence in the security and ongoing...