Search Results

All Results 435
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
COOKIE_SUPPORT & GUEST_LANGUAGE_ID are not marked as Secure
legacy
Issue There are two cookies generated by Liferay DXP, COOKIE_SUPPORT & GUEST_LANGUAGE_ID, which is not marked as Secure. Environment Liferay DXP 7.1 + JBoss  Resolution This is related to the Web Server and Application...
Configuration of NTLMv2 with Liferay
legacy
Issue How to configure NTLMv2 in Liferay as there is no configuration available in Liferay control panel to differentiate the request/service Environment Liferay 6.x Liferay 7.0 and Liferay 7.1 Resolution...
User should be re-directed to the login page once the session expires
legacy How To
Issue Once the session expires, users remain on the same page on which they were already there until and unless they click on somewhere, then it redirects to the login page. Environment Liferay DXP 7.0 Resolution If...
Security Statement on CVE-2019-11444: Disputed Groovy Script console vulnerability
legacy
Recently, a security vulnerability was filed in Mitre under CVE-2019-11444 arguing that attackers could allegedly use Liferay's Groovy script console to execute OS commands. Liferay disputes this issue because this is...
Troubleshooting SAML Single Log Out when SLO fails
legacy Troubleshooting
Issue User is not logged out from Liferay SAML when the instance has expired. Liferay Session Timeout is set to 30 minutes and SAML Session is to 90 minutes. When SLO is triggered, the user is still signed in....
Known Issue: Browser Ignores Disabled Autocomplete Property for Saving User Login Information
legacy
Issue After setting company.security.login.form.autocomplete=false to disable autocomplete for user login information, the browser still permits users to save passwords or use password managers to manage password...
Why does our internal server address appear when users authenticate against our SSO?
legacy
Issue When a user authenticates against an SSO they are redirected to the server they were logging into. As part of this both the SSO address and the server address appear in the URL for a brief time. This occurs...
LFR_SESSION_STATE cookies are not marked as HttpOnly
legacy
Issue LFR_SESSION_STATE cookies are not marked as HttpOnly Environment Liferay DXP, Liferay 6.2 Resolution This is not a security issue because this cookie is created and used in session.js which is the portal's Javascript. ...
How Can I Assign Roles to Users When Importing from LDAP?
legacy Troubleshooting
Issue When importing users to Liferay DXP from LDAP, they are not being assigned the roles I want them to have from my LDAP server. Environment Liferay DXP LDAP Resolution In Liferay DXP, Users are...
Lodash Security Vulnerability in Theme Dependencies
legacy
Issue In the Liferay theme dependencies, Lodash versions 3.10.1 and below are used extensively as dependencies throughout. Versions of Lodash prior to 4.17.5 suffer from a security risk: CVE-2018-3721...
Generating SAML Metadata with HTTPS
legacy How To
Issue This article documents how to generate a SAML metadata XML file that also has HTTPS enabled. Environment Liferay Portal 6.2, DXP 7.0, DXP 7.1 Any web server  Resolution In order to generate a SAML metadata.xml...
Using MS ADFS & Liferay SAML Integration
legacy How To
Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these...
Remove the Ability to Add JavaScript in the Control Panel's Site Pages
legacy How To
Issue Disable the ability to add JavaScript to pages on DXP 7.0 and thus prevent malicious code injections. Environment  DXP 7.0 Fix Pack 60+ This functionality was introduced in DXP 7.0 Fix Pack 60 Resolution Install...
LDAP Authentication and User Import/Export
legacy
This article provides an overview of LDAP integration with Liferay DXP 7.0. This content on authentication, user Import/Export, configurations, upgrade considerations and what has changed from previous Liferay...
Possible LDAP NullPointerExceptions
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When...
Configuring reCAPTCHA v2 in Liferay Portal 6.2 EE
legacy How To
This article outlines how to configure reCAPTCHA version 2 in Liferay Portal 6.2.  Google is sunsetting reCAPTCHA v1 and as of March 2018 all v1 API calls will no longer work. In response to this "End of Life"...
NTLM Browser Support
legacy
Affected Versions Liferay DXP 7.1 Liferay DXP 7.0 Liferay Portal 6.2 EE Liferay Portal 6.1 EE Integrating NTLM with Liferay products should only be done with Internet Explorer for...
Customer and Deployment Impact of Disabling TLS 1.0 for Inbound Traffic on Liferay Services
legacy
Due to vulnerabilities in the Transport Layer Security v1.0, Liferay has disabled TLS 1.0 for inbound secure connections on all systems and services on January 11, 2019. We previously announced in November 2018 that...
Setup Guide for Liferay and WSO2 Identity Server SAML Integration
legacy How To
This guide shows you how to integrate Liferay Portal with WSO2's Identity Server. These are the basic settings with the goal of setting the user on the right track. Resolution Install,...
Signing into Liferay Using NTLM Before the User is Imported From LDAP Causes Error
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When...
SAML Plugin Throws NPE When Trying to Access Metadata
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. With...
Providing User Data in SAML AuthnResponse Packets
legacy How To
SAML communication occurs via request and response packets between an identity provider and a service provider. This article addresses how to provide user data within the response...
Errors Exporting Password to LDAP
legacy Troubleshooting
The fix on LPS-55208 modifies LDAPUserExporterImpl (PortalLDAPExporterImpl in Portal 6.2 EE) in a way that the user is only exported to LDAP when the user's modifiedDate field changed....
Importing Contact and Custom Field Mappings From LDAP
legacy How To
In some environments it may be desirable to import a user's contact information from an LDAP server. This article explains how to import custom mappings as well as contact mappings from a Microsoft Active Directory...
Disabling the Change Password Request When Users First Log In to Liferay
legacy How To
When a user first logs in to the Liferay Portal 6.1 EE, they are immediately prompted to change their password. Resolution While this request is the default setting, the setting can be...
User Cannot Log In to Sync Client When SAML SSO and OAuth Are Enabled
legacy Troubleshooting
This article documents a known issue where users cannot log in to the Sync Client if both SAML and OAuth are enabled. As a result, authentication fails with a blank screen on Sync client. Repeated warning messages will print...
False Security Issue in FCKEditor and Liferay 6.x Reported as CVE-2018-10795
legacy
Recently, a security vulnerability was filed in Mitre under CVE-2018-10795 reporting an issue in FCKEditor and Liferay Portal 6.x versions. Resolution Liferay disputed this issue because file upload is an expected...
Receiving Mixed Mode Warning when ReCaptcha is enabled on site with HTTPS
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. The...
Quick Start Guide to SAML on Liferay Portal 6.1 EE GA2
legacy How To
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. SAML (Security Assertion Markup Language) is...
Implementing NTLM Seamless Login
legacy How To
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. After successfully configuring Liferay...
How Password Policies are Applied in Liferay
legacy
This article describes several cases in which a user can receive a password policy. Resolution Here are several use-cases outlining how password policies are applied in Liferay Portal. Case 1 When a user and all...
LDAP Frequently Asked Questions
legacy
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. As many Liferay subscribers use...
List of Cookies That Are Affected at Liferay Login
legacy How To
In compliance to the European Union Cookie Directive, please see the following articles in reference to cookies that Liferay has set upon at login. Resolution How HTTP Cookies are...
Spring Framework Security Vulnerabilities: CVE-2018-1270, CVE-2018-1271, CVE-2018-1272
legacy
QUESTION: How are Liferay Digital Enterprise 7.0 and Liferay Portal affected by the Spring Framework Vulnerabilities: CVE-2018-1270, CVE-2018-1271, and CVE-2018-1272? Resolution Impact to Liferay CVE-2018-1270: Liferay...
Disabling the Authentication System and Delegating It to an LDAP Server
legacy How To
By default, the Liferay platform always uses its own authentication system that checks and validates the user password in its own database. Even if you enable LDAP settings and set it...
Using the Data Migration Tool in Liferay Portal
legacy How To
This article describes the two uses of the data migration tool in the system administration section of Liferay Portal. The Data Migration Tool is fully supported for Liferay Portal 6.2...
Generating Liferay SAML Environment's metadata.xml
legacy How To
This article describes how to generate Liferay SAML metadata from a web browser. SAML metadata in an XML file is configuration data required to automatically negotiate agreements between system entities, comprising...
Public Hostnames and IP Addresses
legacy How To
Very often a Liferay Portal or Liferay DXP instance resides inside a private network and—due to a company's security policy—while it can serve content to the public Internet, it cannot access the...
Setting Up DXP 7.0 as SP and WSO2 as IdP
legacy How To
This article documents how to set up Liferay DXP 7.0 as SP and WSO2 as IdP. Resolution WSO2 configuration 1. Download wso2is-5.3.0.zip from the WSO2 site and extract the file to a dedicated directory. 2. Go to...
Aruba Networks製品の利用有無について
legacy
, knowledgeArticleType: reference, legacy: true, name: Aruba Networks製品の利用有無について, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 109889, title: Aruba Networks製品の利用有無について