Search Results

All Results 433
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
DNSName components must begin with a letter error while starting LDAP server in Apache DS
legacy Troubleshooting
Issue During the configuration of Apache DS I encountered an issue that resulted in an IOException that interfered with starting the LDAP server:...
Landing page redirection is not working after SAML configuration
legacy Troubleshooting
Issue Once the SAML is configured the Landing Page redirection is not redirecting to the desired page. Environment Liferay DXP 7.1 Resolution The pre and post-login actions (like DefaultLandingPage actions) are not...
How to resolve a "Failed to define class from Service Module Loader" error
legacy Troubleshooting
Issue Upon installation of security-hotfix-lsv-45 in Liferay Portal bundled with JBoss, a "Failed to define class" error is generated in the Liferay logs. Failed to define class...
Couldn't retrieve remote JWK set: Server returned HTTP response code: 401 error occurs when using OpenID Connect authentication with Oracle Identity Cloud Service
legacy Troubleshooting
Environment Liferay DXP 7.0-7.3 Oracle Identity Cloud Service OpenID Connect authentication enabled Symptom When OpenID Connect authentication is enabled in Liferay DXP and Oracle Identity Cloud Service (IDCS) is the...
HTTP 400 response code shows sensitive data
legacy Troubleshooting
Issue Sensitive system information may be seen in HTTP 400 - Bad Response status Environment DXP 7.0   DXP 7.1   DXP 7.2 Resolution The HyperText Transfer Protocol (HTTP) 400 Bad Request response status code...
SAML no longer working after upgrading Liferay
legacy Troubleshooting
Issue After upgrading Liferay from Liferay DXP 7.0 to Liferay DXP 7.2, SAML is no longer working and users are no longer able to authenticate using SAML. It is possible that the following error will also appear in the...
Why p_p_auth token is exposed in the URL? Could it be a security risk?
legacy
Issue On Liferay Portal 6.2, p_p_auth token is exposed in the URL. It might be considered as a security risk. Environment Liferay Portal 6.2 Resolution No attacker or other user can use p_p_auth token, only a...
SAML logout when session expires
legacy
Issue The Single sign-on and Single log out are working fine when the user manually logs out but there is no Single logout happening on the portal session expiry Environment Liferay 7.0 as IdP Resolution  Service...
How to configure validation directives in AntiSamy
legacy Troubleshooting
Issue When trying to import content between sites, i.e. knowledge base, a validation error arises: An unexpected error occurred with the publication process. Please check your portal and publishing configuration....
How to review User Permissions on Freemarker and Velocity templates
legacy How To
Issue After applying the fix for LSV-658, how can I see which users have permissions for (which) Freemarker/Velocity templates, i.e. via the user interface or by a database query? The Mitigation Notes of LSV-658...
The Forget Password page is vulnerable to CSRF attack
legacy
Issue The Forget Password form can be re-submitted with different cookies which lead to the CSRF issue. Environment Liferay DXP 7.2 Resolution This is considered as a False Positive, as the user is not logged into...
Page version control information is accessible in sitemap.xml
legacy
Issue Page version control information is accessible in sitemap.xml - such information shall not be exposed for security reasons. Reproduction: 1) Start up bundle 2) Access sitemap...
The /dtd/ folder of the war with sensitive information is exposed when deploying a portal on Weblogic 12c R2
legacy Troubleshooting
Liferay Support does not recommend or endorse specific third-party products over others. The information provided about products not created by Liferay is for reference purposes only, and any implementation of these...
Module download link can not be opened on Liferay DXP Release Notes page with 404 error
legacy Troubleshooting
Issue  When trying to download modules like "com.liferay.saml.opensaml.integration" from Liferay DXP Release Notes page, the download link can not be opened with a 404 error. Environment Liferay DXP 7.2 Resolution...
No administrative options can be accessed when an F5 load balancer is in front of Liferay forcing a secure protocol
legacy Troubleshooting
Issue When a F5 load balancer is in front of Liferay and is forcing a secure protocol, no administrative options can be selected and accessed. On Liferay the following options are configured on the...
Liferay redirects to iframe source URL upon logging in
legacy Troubleshooting
Issue After adding an Iframe to a Liferay page and set the Source URL of that Iframe to e.g. /web/guest/page2, Liferay will redirect to /web/guest/page2 when logging in through the Welcome homepage. Environment...
When authorizing OAuth2 applications HTTP is used instead of HTTPS
legacy Troubleshooting
Issue If there's a web server in front of Liferay, when clicking on the Authorize button to authorize OAuth2 applications HTTP is used instead of HTTPS and the following WARNs are displayed in the log. 2019-11-08...
Is it possible to set different Authentication methods for different sites in the same portal instance
legacy
Issue Is it possible to set different Authentication methods for different sites in the same portal instance? Environment Liferay DXP 7.2 Resolution Currently, it is not possible to use different authentication methods...
LDAP server is unreachable when "Required" option is enabled
legacy Troubleshooting
Issue For any virtual instances apart from a default instance, if the "Required" option in LDAP is enabled, only LDAP users can log in to the portal. When the LDAP server is down/unreachable, none of the...
Why the error "Failed to bind to the LDAP server with userDN" is thrown in the logs
legacy Troubleshooting
Issue What is the reason behind the following error which is thrown in the logs? [LDAPAuth:198] Failed to bind to the LDAP server with userDN CN=VERMA BRIJESH KUMAR...
Impact of Google Chrome 80 and changes in the default behavior of the SameSite cookie setting on SAML
legacy Troubleshooting
Issue Updated (May 31, 2021): The behavior is enabled by default since Chrome 84. Updated (April 3, 2020): Chrome is Temporarily rolling back SameSite Cookie Changes Updated (June 12, 2020): Added information about...
Why certain Security Headers are not included in the HTTP Request and Response of Liferay DXP
legacy
Issue The following headers are missing in Liferay: Missing ”X-Content-Type-Options” header  Missing ”X-XSS Protection” header  Missing ”X-Frame-Options” header Missing ”Content-Security-Policy” header...
Will Liferay DXP 7.1 support X-Frame-Options, X-XSS-Protection, X-Content-Type-Options headers?
legacy How To
Issue Will Liferay DXP 7.1 support X-Frame-Options, X-XSS-Protection, X-Content-Type-Options headers? If yes, how to enable the same. Environment Liferay DXP 7.1 Resolution Liferay DXP 7.1 is already...
Security Vulnerability: Remote-Code-Execution (RCE) With ImageMagick
legacy Troubleshooting
Issue Symptom: CVE-2016-3714 - Insufficient shell characters filtering leads to potentially remote-code-execution vulnerability in ImageMagick. Environment  ImageMagick before 6.9.3-10...
When SAML is enabled, logging out from particular Site should stay at the respective site itself
legacy
Issue When SAML is enabled, logging out from "SITE A" is not redirecting/stays at the respective site's home page itself.  Environment Liferay DXP 7.1 SAML plugin Resolution The ideal scenario is...
Possible Mismatch Between the Real LDAP Import Time and Import Interval Set on Instance Settings after LPS-98420
legacy Troubleshooting
Issue After LPS-98420, there might be a mismatch between the real LDAP Import trigger time and Import Interval set on instance settings. For example: Set “System Settings -> LDAP -> Import Interval” to 2. Set “Instance...
Resolving errors when using Liferay JSON Web Service to do the searching
legacy Troubleshooting
Issue When invoking Liferay JSON Web Service to do the searching, you may encounter errors like the following: com.liferay.portal.kernel.dao.orm.ORMException: org.hibernate.exception.SQLGrammarException: could not execute...
Unable to handle SAML Request
legacy Troubleshooting
Issue After enabling the SAML, when the user is trying to log in, authentication failed with the following message in UI and in Server console. UI: "Unable to handle SAML Request" Server Console:  ERROR...
Authentication through LDAP when SAML is enabled
legacy Troubleshooting
Issue Liferay has to authenticate the user through SAML as well as LDAP when SAML is enabled Environment Liferay Portal 6.2 Liferay DXP 7.0 Liferay DXP 7.1 Resolution Authenticating users from LDAP when the...
LDAP users are able to login with Default User Password
legacy
Issue Users from LDAP are able to login with the value which is defined in "Default User Password" field under the LDAP import/export settings. Environment Liferay DXP 7.0 Resolution Liferay will allow the...
[LES] Issues reinstalling Liferay Connector to X-Pack Security
legacy How To
Issue I'm having issues reinstalling X-Pack Security How do I reinstall X-Pack Security? Environment DXP 7.2    DXP 7.1    DXP 7.0 + Fix Pack 54 onwards (de-54) Resolution To Install Add Liferay Connector to X-Pack...
CSRF (p_auth) token is not included in portlet ResourceURLs
legacy
Issue p_auth token is not included in the resourceURL. Environment Liferay DXP Liferay 6.2 EE Resolution ResourceURLs (resource serving phase) was introduced in Portlet 2.0 to be able to serve resources (images, etc...)...
Preventing host header attack vulnerabilities
legacy How To
Issue Adjusting the Host header in the request can impact page rendering, redirections, and other server-side behaviors. This manipulation could potentially lead to Cross-Site Scripting (XSS) for example. Environment...
[LES] How to reinstall Liferay Connector to X-Pack Security
legacy How To
Issue How can I reinstall x-pack security? Environment DXP 7.2    DXP 7.1    DXP 7.0 + Fix Pack 54 onward (de-54) Resolution When we uninstall X-Pack security, an entry is added to Bundle Blacklist at this...
Is request-based p_auth token supported to prevent CSRF attack?
legacy
Issue To prevent CSRF attacks, Liferay provides options to enable authentication token security checks. The current token is session-based token. Is request-based p_auth token supported? Environment Liferay DXP 7.1...
The Password Reset Screen is no longer showing the "Please set a new password" description
legacy
Issue After upgrading from 6.x to 7.x, the Password Reset Screen is no longer showing the "Please set a new password" description text. Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Resolution The "Please set...
How to upload authentication XML file from Bing ownership verification
legacy How To
Issue One of the methods to complete the verification process required to add a website to a Bing Webmaster Tools account is uploading a XML file to the root directory of the website and make it available on...
Apply button in OAuth 2 Administration is not working
legacy Troubleshooting
Issue When making changes under OAuth 2 Administration, such as generating a new client secret or editing Client ID, the Apply button may not respond when clicked. When viewing the browser console, you will see:...
Whether to use OpenSSL
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue In...
Unable to process SAML SSO request
legacy Troubleshooting
Issue After configuring SAML SSO successfully, the user is unable to perform login and getting the following error in UI and Server console. UI Error:  "Unable to process SAML request" Server Console: ...