Search Results

All Results 435
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Does CVE-2022-1471 affects DXP 7.4?
legacy Troubleshooting
Issue Our scanner reported that the Liferay DXP image as well as the Elasticsearch image are vulnerable to CVE-2022-1471, which is about an issue with SnakeYaml. Could you please confirm if we have to address this...
How to extract the okta authorization token for each user?
legacy Troubleshooting
Issue Once users log in to Liferay, the user should get redirected to Okta. After successful authentication, Okta is supposed to return an authorization token for that specific user.  Concern: After successful Okta...
Unable to extend user session on Weblogic
legacy Troubleshooting
Issue When I call Liferay.Session.extend(); from Liferay 7.4 running on Weblogic, the user session terminates. Environment DXP 7.4 Weblogic Resolution This behavior is resolved by LPS-190923. Please open a help...
AuditEvent not saved after migrating from Portal 6.2 to DXP 7.4
legacy Troubleshooting
Issue After migrating to DXP 7.4. If we use the portal normally, there aren't new entries in Audit_AuditEvents table. Environment Liferay DXP 7.4 Resolution Go to System Settings -> Audit -> Persistent...
Is One Time Password's expiration configurable?
legacy
Issue When does One Time Password expire? Can you set the validity timeframe of the OTP? Environment DXP 7.2+ Resolution OTP is HTTP session based, if the session expires, OTP expires as well. And it can only be used...
Security configuration related to session management
legacy
Issue There are some security configuration requirement regarding session management. Environment Liferay DXP 7.4 Resolution Application uses the 'referrer' header as a supplemental check only, and not just for any...
OpenID Connect Error - "Signed JWT rejected"
legacy Troubleshooting
Issue When configuring authentication using OpenID Connect, login fails and the following error is reported: Unable to validate tokens: Signed JWT rejected: Another algorithm expected, or no matching key(s) found...
Browser Pop-Up For Non-Https Site
legacy Troubleshooting
Issue We are seeing a browser pop-up warning for our users when they try to login to our http site. They become concerned as it says the connection is not secure, but to 'send anyway'. Can this be disabled by Liferay...
Where is the password reset email set up and in what priority order?
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us....
I am redirected to the home guest page after login with SAML
legacy Troubleshooting
Issue After logging in with SAML, I am redirected to the Home Page of a non-logged-in user. I am redirected back to the Portal login screen after login with SAML Environment Portal 6.2 DXP 7.0+ Resolution This can be...
Does Liferay DXP validate Session Identifiers?
legacy
Issue Does Liferay DXP validate Session Identifiers? And yes, Liferay does validate Session Identifiers! Environment Liferay DXP Resolution As for the session configuration in the portal we have the...
Does CVE-2016-1000027 affect Liferay?
legacy
Issue Security scan shows CVE-2016-1000027 as an active vulnerability, is Liferay affected? Environment DXP 7.4 Resolution CVE-2016-1000027 is known to us, and we can confirm that Liferay should not be vulnerable, as...
Insecure HTTP methods
legacy How To
Issue HTTP methods like HEAD, OPTIONS, TRACE may provide information about the application that can be used in attacks like XST, CSRF, steal of sensitive information. How we can disable insecure/unnecessary http...
Not Found page seen instead of Login Prompt when logged out and navigating to private pages
legacy How To
Issue When not logged in, and user attempts to navigate to private page's URL, instead of being prompted to log in, a 'Not Found' page is seen instead. Environment DXP 7.4 Resolution In DXP 7.3, when users are not logged...
How to protect against the vulnerabilities related to SnakeYaml in version 1.27
legacy Troubleshooting
Issue How can I mitigate vulnerability CVE-2022-38749, CVE-2022-38750, CVE-2022-38751 and CVE-2022-38752 regarding Liferay DXP? Environment Liferay Portal 6.2 EE Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2...
Cannot set proper permissions for Panel Category Entries in a Custom Site
legacy Troubleshooting
Issue The custom site panel category entries' panel app permissions do not work as intended. We are unable to grant permissions to access the panel app through a "Site role" if the category key does not start...
Detected Vulnerabilities related to Struts
legacy
Issue A security scan has picked up the following vulnerabilities related to struts-core:  CVE-2012-1007, CVE-2014-0112 CVE-2014-0112: ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict...
Special characters which are used for XSS can be saved as an input without any warning
legacy
Issue Characters as <, >, /, (, ), ", ' which can be used to make scripts, used in HTML and JavaScript are valid to use in the portal as inputs and values, and it can raise security questions The use of these...
How to change the number of digits in the CSRF token parameter "p_auth
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
The screen name cannot be an email address or a reserved word
legacy Troubleshooting
Issue When trying to log in with an Active Directory user, sign-in failed with the below error ERROR [http-nio-8080-exec-9][BaseSamlStrutsAction:59] Screen name test@liferay.com for user 34945 must validate...
SAML IDP is unable to initiate SLO
legacy Troubleshooting
Issue SAML Identity Provider is unable to initiate Single Log Out Notes 1. Set the different virtual hosts as below as an example 127.0.0.1www.bbb.com (For IDP) 127.0.0.1www.sp.com (For SP) 2. Using thetest...
Records are not removed from samlspsession table if the user closes the browser instead of logging out
legacy Troubleshooting
Issue Records are not removed from `samlspsession` table if the user closes the browser instead of logging out. Steps to reproduce: 1. Setup two instances of Liferay to use SAML - one as IDP and one as SP....
Can both Liferay and LDAP Password policies be enabled at the same time?
legacy
Issue Is there a way to make both of Liferay and LDAP policies work together, so that users logging via Liferay authentication will be handled by Liferay's password policies and users authenticating...
EU Login via OpenID Connect needs Proof Key for Code Exchange (PKCE)
legacy
Issue I would like to integrate my portal with an EU Login mock server instance via OpenID Connect It does not work since the OpenID connect server needs Proof Key for Code Exchange (PKCE) After configuration, when I am...
I would like to control email notifications to Liferay strangers.
legacy How To
Issue How are strangers defined by Liferay? How can I control email notifications to strangers upon signup? Environment DXP 7.3+ Resolution The SAML property defining unknown users as strangers was introduced in DXP 7.3....
How to get rid of SSLHandshakeException?
legacy Troubleshooting
Issue When trying to access the site URL, the console displays the following exception, and the site is inaccessible. javax.net.ssl.SSLHandshakeException: Received fatal alert: handshakefailure...
Enabling information about server errors in the JSON response
legacy Troubleshooting
Issue There is no error messages from api json services. How to manage the serialization and access to  Json services In Liferay Portal 6.2 or DXP7.0 the server response is serialized and shows information related...
Use Custom certificate and Let's encrypt at same time in different domains
legacy How To
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue We need to have some domains with custom certificates and...
Failed to verify signature and/or establish trust using any KeyInfo-derived credentials
legacy Troubleshooting
Issue SAML has abruptly stopped working, and no user can log in. The Liferay console contains the following errors: DEBUG [ajp-nio-172.1.129.26-8080-exec-351][BaseSignatureTrustEngine:200] Attempting to establish...
Unable to send message: 554 X.X.XXX SendAsDenied
legacy Troubleshooting
Issue When sending emails, the error "unable to send message: 554 X.X.XXX SendAsDenied" occurs. Steps to reproduce: 1. Configure the outlook mail server to send email notifications in Liferay 2. Sometimes, the...
JSESSIONID not secure by default
legacy Troubleshooting
Issue The JSESSIONID cookie that comes with Liferay requests in the browser is not secure by default when inspected in the browser. Environment Liferay DXP 7.3 Resolution Set the JSESSIONID in web.xml...
Could not connect to the SMTP host exceptions
legacy Troubleshooting
Issue When sending emails, the error "unable to send message: Could not connect to SMTP host: smtp.office365.com, port: 587" occurs. Steps to reproduce: 1. Configure the outlook mail server to send email...
Can Liferay be affected by the IceApple framework?
legacy
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue CrowdStrike’s Falcon Overwatch has discovered a...
How to Update Webserver Credentials
legacy How To
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue I would like to change my webserver login credentials....
OAuth 2.0 with Kerberos
legacy Troubleshooting
Issue You might encounter an issue where after the SSO setup, you start having problems with OAuth 2.0 and the call to /o/oauth2/token is failing with a "401 Unauthorized error". Also if you use Apache you might...
Signed SAML response
legacy How To
Issue How can the signed response, which is required by ADFS to complete authentication at the Liferay end, be clarified? Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Resolution...
"Content security policy" header is not available in the application response
legacy
Issue The "Content security policy" header is not available in the application response. How to add or enable the CSP? Environment Liferay DXP 7.3 Resolution Liferay doesn't directly support the CSP as there are no...
Impact of Spring4Shell and Spring Cloud Security Advisory on other libraries related to Spring
legacy
Issue There previously was a Security Advisory regarding a vulnerability for the Spring4Shell and Spring Cloud libraries. These vulnerabilities are detailed in this article here:  Spring4Shell and Spring Cloud Security...
Version of spring-** jars after installing a hotfix
legacy
Issue To address the Spring4Shell vulnerabilities, the patched version of spring-beans.jar should be in its manifest file after the hotfix installation, is spring-webmvc.jar included in this? Environment Liferay...
Guest users are able to access an endpoint if PortalSessionAuthVerifier is enabled
legacy Troubleshooting
Issue We have followed this How-To article: How to add security, authentication to my REST service? (Section 5.1), but guest users are still able to access our endpoint from a browser. If we enable...