Search Results

Plain text can still be seen despite SSL
Issue Even if SSL (or TLS) is enabled, the login credentials appear in plain text while intercepting requests with Burp Suite. Environment Liferay DXP 7.3 Resolution If a user utilizes Burp Suite as a proxy, they...
Password reminder answers are not masked
Issue As Liferay DXP does not hide password reminder answers, attackers can capture a user's password reminder answers through man-in-the-middle or shoulder-surfing attacks. Environment Liferay DXP 7.0 Liferay DXP...
Is there a REST API method to revoke the OAuth2 tokens?
Issue We want to provide a public REST API method to revoke the OAuth2 tokens following the RFC 7009 specification https://datatracker.ietf.org/doc/html/rfc7009#section-2.1 Does Liferay provide this functionality?...
New user is not being able to login properly
Issue A new user (this also happens to LDAP users) is unable to log in the first time, but seems to be able to log in on the second attempt. Steps to reproduce: 1) Create a guest user from the Create Account tab at the...
CVE-2022-23305, CVE-2022-23307, and CVE-2017-5645
Issue This article outlines the concerns of CVE-2022-23305, CVE-2022-23307, and CVE-2017-5645 vulnerabilities with respect to the Liferay DXP Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP...
javax.portlet.PortletException: java.lang.IllegalStateException: getAttribute: Session already invalidated error
Issue Why does this error get triggered? What would be the cause? INFO  [http-nio-8080-exec-2573][CustomLoginPortlet:726] url redirect = https://xxxx/group/yyyy ERROR [http-nio-8080-exec-2573][PortletServlet:112]...
Error when configuring SAML in a clustered environment for the first time
Issue When configuring SAML in a clustered environment and entering the IdP connection configuration, an error is shown: java.lang.RuntimeException: java.lang.NullPointerException at...
Browser console error : The connection used to load resources from https://www.xxx.yyyy used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future
Issue Browser console error as "The connection used to load resources from https://www.xxx.yyyy used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented...
Getting mixed content on the portal
Issue After enabling SSL and routing the domain, mixed content appears on the portal: pages on https://www.abc.in reference http://www.abc.in for stylesheets, JavaScript, and so on....
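The mixed-content problem above is easy to confirm without a browser: every sub-resource URL on an HTTPS page that resolves to an http:// scheme is one the browser will block or warn about. The scanner below is an added example (not code from the article or from Liferay) that walks the resource-loading tags of a page and reports such references; the HTML and the host www.abc.in are constructed sample input.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attributes whose value the browser fetches as a sub-resource.
# Navigational links (<a href>) are deliberately excluded: they are not mixed content.
RESOURCE_ATTRS = {
    "script": ("src",),
    "link": ("href",),
    "img": ("src",),
    "iframe": ("src",),
    "source": ("src",),
    "audio": ("src",),
    "video": ("src",),
    "object": ("data",),
    "embed": ("src",),
}


class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for wanted in RESOURCE_ATTRS.get(tag, ()):
            for name, value in attrs:
                if name == wanted and value:
                    # Resolve relative and protocol-relative URLs against the page URL;
                    # "//host/x.js" on an https page becomes https, so it is fine.
                    absolute = urljoin(self.page_url, value.strip())
                    if urlsplit(absolute).scheme == "http":
                        self.findings.append((tag, absolute))


def find_mixed_content(page_url, html):
    """Return [(tag, absolute_url)] for each sub-resource an HTTPS page loads over plain HTTP."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on pages that are themselves served over HTTPS
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return scanner.findings


# Constructed sample page: one stylesheet and one image are hard-coded to http://.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://www.abc.in/o/theme/css/main.css">
<script src="//www.abc.in/o/js/main.js"></script>
<script src="/o/frontend-js-web/loader.js"></script>
</head><body>
<img src="http://www.abc.in/image/logo.png">
<a href="http://www.abc.in/web/guest/home">home</a>
</body></html>"""

if __name__ == "__main__":
    for tag, url in find_mixed_content("https://www.abc.in/", SAMPLE_HTML):
        print(f"mixed content: <{tag}> loads {url}")
```

Running it against a real page (fetch the HTML with any client and pass it in) lists exactly the references that must become relative, protocol-relative, or https://, which is the usual fix when a reverse proxy terminates TLS and the portal still believes it is serving HTTP.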
Error signing via SAML: com.liferay.saml.runtime.exception.AudienceException: Unable verify audience
Issue Liferay is configured as a SAML Service Provider. When trying to sign in to Liferay it is not possible and the following error is shown in the logs: 2022-01-20 11:50:38.554 ERROR [default...
Session logs out intermittently after being redirected by the payment link
Issue After being redirected by the payment link, the session logs out. Steps to reproduce: 1. Log in to Liferay. 2. Call the API in Postman. Request parameters are attached (SSL Commerz Request Parameters.txt)...
URL length modification / restriction
Issue Sometimes we need to modify or restrict the length of the URLs Liferay generates (for example for custom security solutions), but Liferay has no out-of-the-box solution for that. Environment DXP 7.2...
Change the GUEST_LANGUAGE_ID cookie to expire Null
Issue The Guest language ID cookie in Liferay has a one-year expiration, whereas the undefined cookie in the F5 load balancer caused the conflict. Is there a way to modify the cookie's duration in Liferay? Environment...
dtSa cookies containing special characters
Issue dtSa cookies are being detected; are these cookies and the URLs they contain a cause for concern? Is there any information concerning these cookies in relation to Liferay? Use Case: As Liferay-generated dtSa cookies contain the...
How to configure the default timeout value to any value instead of having it capped at 500ms
Issue The default library timeout until Liferay DXP 7.2 fix pack dxp-3 is 250ms. The default library timeout since Liferay DXP 7.2 fix pack dxp-4 is 500ms.  Use Case: The user would like to be able to set/configure...
Liferay as SAML SP fails after switching the URL of the virtual instance
Issue SAML configuration hasn't been working since the virtual host of the portal instance changed. Caused by: org.opensaml.ws.security.SecurityPolicyException: Request was required to be secured but was not...
How to resolve users being unable to log out after configuring a Token-Based SSO
Issue After configuring and enabling a Token Based SSO in our 7.2 environment (upgraded from 7.0), users are now unable to log out, and they are instead redirected to the home page (still logged in). In our 7.0...
CVE-2021-27568 json-smart v2 through v2.4
Issue Steps to Reproduce: The json-smart JARs can be found here:...
How to Configure Liferay DXP with Multiple IdPs (OKTA via SAML and OIDC)
This article documents the way to configure Liferay DXP 7.x as a Service Provider working with two SSO protocols (Okta using SAML 2.0 and Google OpenID Connect). The basic configuration can be achieved within Liferay out of...
Content-Security-Policy Header Integration
Issue How can a CSP (content security policy) HTTP header that enables only specific external resources to be loaded in the frontend be implemented? Environment Liferay DXP 7.2 Resolution CSP is not currently...
HTTP Strict Transport Security (HSTS) Header Not Used
Issue The HSTS header cannot completely defend against man-in-the-middle attacks. However, it can be useful in defending against an attack in which an attacker establishes an encrypted connection to the application and...
Verbose Error Messages
Issue The names of the technologies used, such as Apache Coyote, Tomcat, etc. are visible. Environment Liferay DXP 7.2, DXP 7.3 Resolution  Each application is responsible for allowing its information to be displayed...
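The three entries above (Content-Security-Policy Header Integration, HTTP Strict Transport Security (HSTS) Header Not Used, and Verbose Error Messages) are the same scanner finding seen from three angles: what the portal, or the proxy in front of it, sends in its response headers. The audit below is an added example, not code from these articles or from Liferay, that parses an HSTS value and a CSP value and flags the weak settings a reviewer looks for, plus technology disclosure in the Server header. The two header sets are constructed; the one-year max-age threshold and the list of dangerous script sources are the reviewer's choices, not a Liferay rule.

```python
def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains, preload)."""
    max_age, include_subdomains, preload = None, False, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if arg.isdigit():
                max_age = int(arg)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    return max_age, include_subdomains, preload


def parse_csp(value):
    """Parse a Content-Security-Policy value into {directive: [source expressions]}."""
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


# Script sources that make a CSP useless against XSS (wildcards and inline/eval).
WEAK_SCRIPT_SOURCES = {"*", "'unsafe-inline'", "'unsafe-eval'", "http:", "https:", "data:"}
ONE_YEAR = 31536000


def audit_headers(headers):
    """Return a list of findings for a dict of HTTP response headers (names are case-insensitive)."""
    h = {name.lower(): value for name, value in headers.items()}
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS header missing")
    else:
        max_age, include_subdomains, _ = parse_hsts(hsts)
        if max_age is None or max_age < ONE_YEAR:
            findings.append("HSTS max-age below one year")
        if not include_subdomains:
            findings.append("HSTS does not cover subdomains")

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("CSP header missing")
    else:
        policy = parse_csp(csp)
        # script-src falls back to default-src when it is not set explicitly.
        for src in policy.get("script-src", policy.get("default-src", [])):
            if src.lower() in WEAK_SCRIPT_SOURCES:
                findings.append(f"CSP allows {src} for scripts")

    for name in ("server", "x-powered-by"):
        if name in h:
            findings.append(f"{name} header discloses {h[name]}")
    return findings


# Constructed examples: a weak response and a hardened one.
WEAK_HEADERS = {
    "Server": "Apache-Coyote/1.1",
    "Strict-Transport-Security": "max-age=0",
    "Content-Security-Policy": "default-src *; script-src 'self' 'unsafe-inline'",
}
HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example.com; object-src 'none'",
}

if __name__ == "__main__":
    for label, headers in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit_headers(headers) or ["no findings"])
```

Note that `max-age=0` is not merely weak: it instructs browsers to forget a previously cached HSTS policy, so it undoes protection rather than leaving it absent. The headers themselves are normally added at the reverse proxy or the servlet container in front of Liferay rather than in the portal, which is why a missing header can be a deployment issue rather than a product one.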
Known Vulnerabilities with Liferay AntiSamy
The following issue may compromise the security of your Liferay Digital Experience Platform implementation.  Vulnerability Information The Liferay AntiSamy app depends on third party libraries that have known...
Session Management in Liferay
Issue How are sessions managed in Liferay, and what are the different ways to configure them? Also, do Liferay sessions work in browsers with JavaScript disabled? Environment Liferay DXP...
Is functionality impacted when upgrading to Bootstrap 5 in Portal 6.2? Is it supported?
Issue Requirement is to upgrade the Bootstrap library. Is functionality impacted when upgrading to Bootstrap 5 in Portal 6.2? Is Liferay Portal 6.2 compatible with Bootstrap 5? Is it supported? Environment...
Forgot Password does not show an error when providing an email address that doesn't exist in the DB
Issue In the 'Forgot Password' option, when providing an email address that doesn't exist in the database, the user can still proceed to answer the security question, whereas no error is shown saying the user's...
Is there a way to allow upper cases in a screen name?
Issue Is there any way to ensure that a user's screen name maintains the same capitalization that is present in the AD (Active Directory) when the user is imported into Liferay? Environment Liferay DXP 7.2...
When Setting Okta up as an SSO for Liferay PaaS, how can I generate IdP metadata in Okta without first having SP metadata?
Note: please note that Liferay has renamed its Liferay Experience Cloud offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue The documentation for setting up an SSO with Liferay PaaS...
Does the Encryption Key that is generated per company id for the Liferay Installation ever change?
Issue Does the Encryption Key that is generated per company id for the Liferay Installation ever change? Environment Liferay 7.2 Resolution The following portal properties will alter the encryption key for a Liferay...
How to create Custom attribute in MS Active Directory and configure in Liferay
Issue Is there any way to map a custom attribute in Liferay created from MS Active Directory? Environment Liferay Portal 6.2 Resolution Liferay provides an OOTB option to achieve the custom attribute...
How to configure liferay to invoke web services with Digest Auth
Issue How to configure Liferay to invoke web services with Digest Auth and use it in a client. As an example we will use Postman. Environment Liferay DXP 7.1+ Resolution As an example, we are going to configure access to...
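Whatever client is used (Postman in the article), Digest Auth works the same way: the server answers 401 with a `WWW-Authenticate: Digest ...` challenge, and the client retries with an `Authorization` header whose `response` field is an MD5 over the credentials, the server nonce and the request line, so the password itself never crosses the wire. The code below is an added example, not code from the article or from Liferay, that parses a challenge and builds that header; it implements the MD5 / `qop=auth` case of RFC 2617 (other algorithms and `auth-int` are not handled), and the challenge values are the ones given as the worked example in RFC 2617 section 3.5 rather than anything captured from a Liferay instance.

```python
import hashlib
import re


def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, password, realm, nonce, method, uri,
                    qop=None, nc="00000001", cnonce=""):
    """Compute the RFC 2617 MD5 Digest 'response' value for one request."""
    ha1 = _md5_hex(f"{username}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    if qop == "auth":
        # nc/cnonce bind the response to one client-chosen value per server nonce,
        # which is what limits replay of a captured header.
        return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return _md5_hex(f"{ha1}:{nonce}:{ha2}")  # legacy RFC 2069 form (no qop)


def parse_challenge(header):
    """Parse a 'Digest k="v", k2=v2, ...' challenge into a dict."""
    if not header.startswith("Digest "):
        raise ValueError("not a Digest challenge")
    params = {}
    for match in re.finditer(r'(\w+)=(?:"([^"]*)"|([^,]*))', header[len("Digest "):]):
        quoted, bare = match.group(2), match.group(3)
        params[match.group(1)] = quoted if quoted is not None else bare.strip()
    return params


def build_authorization(username, password, method, uri, challenge, cnonce, nc="00000001"):
    """Build the Authorization header value a client sends in reply to a Digest challenge."""
    p = parse_challenge(challenge)
    qop = "auth" if "auth" in p.get("qop", "").split(",") else None
    response = digest_response(username, password, p["realm"], p["nonce"],
                               method, uri, qop, nc, cnonce)
    fields = [
        f'username="{username}"', f'realm="{p["realm"]}"', f'nonce="{p["nonce"]}"',
        f'uri="{uri}"', f'response="{response}"',
    ]
    if qop:
        fields += [f"qop={qop}", f"nc={nc}", f'cnonce="{cnonce}"']
    if "opaque" in p:
        fields.append(f'opaque="{p["opaque"]}"')  # echoed back unchanged
    return "Digest " + ", ".join(fields)


# Challenge and credentials from the RFC 2617 section 3.5 example (not a real server).
RFC_CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
                 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                 'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

if __name__ == "__main__":
    print(build_authorization("Mufasa", "Circle Of Life", "GET", "/dir/index.html",
                              RFC_CHALLENGE, cnonce="0a4f113b"))
```

Two caveats a practitioner should keep in mind: the hash covers only the method and URI, not the request body, so Digest Auth gives no integrity for the JSON a web service call carries, and the scheme is still tied to MD5. Run it over TLS regardless; it prevents the password from being read off the wire, not the rest of the request.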
OpenID Connect does not work with Azure AD B2C
Please note that this Fast Track applies to versions before our Quarterly Release 2024.Q1. From Quarterly Release 2024.Q1 on, this function is enabled as described in LPD-9397. Please...
How do I add Captcha in Sign in Portlet?
Issue I would like to add Captcha in Sign in Portlet, as I can do in Create Account and Forgot Password options. Environment DXP 7.3 Resolution Unfortunately, there is no out-of-the-box feature to enable Captcha...
Post deployment of SAML plugin the SAML Admin page is blank
Issue After deploying the SAML plugin in the Liferay instance, the SAML admin page displayed blank. Below Stack trace occurs in the log at the time of performing the above actions. 2021-03-23 19:14:22.610 WARN...
Restrict guest users from accessing login page when attempting to access a protected page or resource
Issue By default, guest users are redirected to the login page when they attempt to hit a URL or access a resource that is protected and not available to guest users. I do not want guest users to be redirected to...
What difference is there between System Setting and Instance Setting LDAP configurations?
Issue There are two locations within Liferay DXP where LDAP configurations can be set. One is the System Settings (Control Panel -> Configuration -> System Settings -> Security -> LDAP) and the other the Instance...
How do I Add More Than One Field To the Custom Mapping Sections in My 7.0 LDAP Setup?
Issue I would like to add multiple fields to the custom mappings section in my LDAP setup. Environment DXP 7.0 Resolution During LDAP setup, navigate to Control Panel > Configuration > Instance Settings, in...
After performing a security configuration, our users can no longer add Categories in Web Content
Issue After applying the workaround indicated in this Security Advisory LSV-545: Unauthenticated Remote code execution via JSONWS (CVE-2020-7961), every client-side web service call to the JSONWS-API is failing:...
SAML Authentication Issue: Message context was not authenticated
Issue After enabling SAML, when the user tries to log in, authentication fails with the following message. ERROR [http-nio-8080-exec-36][BaseSamlStrutsAction:59]...
DNSName components must begin with a letter error while starting LDAP server in Apache DS
Issue During the configuration of Apache DS I encountered an issue that resulted in an IOException that interfered with starting the LDAP server:...