Site Search - Liferay Learn

Enabling SSO for our Liferay Console prevents logging in with email and password

Issue After enabling SSO for our Liferay Console, we are no longer able to log in with email and password. Environment DXP 7.4 Resolution This is expected behavior, as per the Official documentation for SSO: "The first...

GitHub Token Leak Exposure

legacy

Issue GitHub Personal Access Token has been leaked in a public Docker container hosted on Docker Hub. Some of the malicious packages like testbrojct2, proxyfullscraper, proxyalhttp and proxyfullscrapers work...

Vulnerability: Robots.txt file must not be accessed and should be blocked

legacy Troubleshooting

Issue Encountered a vulnerability issue with the robots.txt file and the vulnerability test suggests preventing the robots.txt file from being accessed. Environment Liferay DXP 7.3 Liferay DXP 7.4...

HTTP Strict-Transport-Security Header in Liferay

legacy

Issue Is HTTP Strict-Transport-Security Header enabled in Liferay? Environment Liferay DXP 7.4 Resolution Liferay enables HTTP security headers such as 'http.header.secure.x.content.type.options',...

Unable to Cancel Shutdown Event

legacy Troubleshooting

Issue After scheduling a shutdown event, and trying to cancel it, you see an error: "Error:Text verification failed." When trying to cancel a shutdown event, I'm prompted to input a CAPTCHA, but there is...

A simple example and key factors to check when testing custom OAuth 2.0 applications

legacy How To

Issue You have created an OAuth 2.0 application and would like to set up the minimum configuration to be able to test it. This article provides a simple example that could be adapted to your needs....

Residual risk after limiting the usage of unsafe-eval and unsafe-inline

legacy

Issue Can the derivatives unsafe-eval and unsafe-inline be exploited? If yes, how it is done? What is the residual risk associated with this? Can Content Security Policy (CSP) be resolved by adding a reverse...

OpenID Connect Client Secret field must be filled

legacy Troubleshooting

Issue I configured an OpenID Connect Provider Connection. When I try to login using the OpenID Connect Client Name, I get an internal server error. In logs, a java exception is thrown: WARN [http...

Remove extend_session for Guest users

legacy

Issue Guest users should not be able to see the extend_session message in the browser once the session has expired. Environment Liferay DXP [7.1-7.4, Quarterly Releases] Resolution Post observing the time...

Access revoked after task assignment to another user

legacy How To

Issue Once the user assigns the task to another user, then the previous user loses access to that task and is unable to see that in the 'Assigned to my roles' tab of 'My workflow Tasks'. Steps to reproduce: 1....

Polyfill.io Vulnerability: Is Liferay affected?

legacy

Issue An attribute polyfill:true is observed in the source code of the website. Does it have anything to do with the domain 'https://polyfill.io'? Is Liferay affected by the Polyfill.js vulnerability? ...

The users imported from LDAP cannot change their password

legacy Troubleshooting

Issue The users who were imported from LDAP cannot modify their passwords from My Account. Environment All Liferay DXP environments Resolution Make sure that LDAP Export option is enabled. Ensure that the credentials...

Provide other permissions to Guest user beside just view permission

legacy

Issue Can users give permission to the guest users to use the headless API to create, update, delete, etc. for documents & media, besides just the VIEW permission? Environment Liferay DXP 7.4 Resolution These...

The Impersonation Attempt Fails Without Errors in the Logs or UI

legacy Troubleshooting

Issue Admin users are unable to impersonate other users. When attempting to impersonate, a new tab opens, but it remains on the original user. Impersonation attempts fail, the `doAsUserId?` is missing from...

Enable/Disable Multi-Factor Authentication

legacy How To

Issue If there is any problem related with the way two-factor is working or do you simply want to deactivate it for some reason. Environment Liferay DXP 7.4 2023 Q1 - 2023 Q4 2024 Q1 Resolution There are two...

Vulnerability on spring-web

legacy

Issue The security scanner flagged the Liferay with the security vulnerability due to the JAR containing the vulnerable classes, reported here CVE-2016-1000027. Environment Liferay DXP 7.4 Resolution It's been...

CVE-2013-3587- enable of HTTP compression

legacy Troubleshooting

Issue Security vulnerability CVE-2013-3587 details a breach attack that is possible with the enable of HTTP compression and Deflate. Steps to see the behvaior: Navigate to any of the pages on the Liferay server....

Can you add a theme or fragments to action pages?

legacy Troubleshooting

Issue How do I add fragments to action pages like /c/portal/update_password and /c/portal/update_reminder_query? Our theme reverts on utility/action pages /c/ When a user is taken to the...

Is Liferay vulnerable to CVE-2023-50164?

legacy

Issue After running a scan, we received an alert about a possible vulnerability in Liferay. We want to confirm if we are vulnerable to CVE-2023-50164. Environment All environments. Resolution Liferay is not...

Deprecation of Liferay Sync

legacy

Issue I'd like to inquire about the support for Liferay 7.4 in the Liferay Sync. Currently, the Compatibility Matrix only lists support for Liferay DXP 7.3. Environment Liferay DXP 7.4+ Resolution Liferay Sync got...

Redirecting to login page when authenticated via SAML returns a 500 error

legacy Troubleshooting

Issue Navigating to to the login page /c/portal/login on the SP throws a 500 error when already logged in through SAML. Environment DXP 7.3 DXP 7.4 Resolution This is a known issue affecting DXP 7.4 U80 and lower and...

GDPR-compliant 3rd party cookie handling in 7.3

legacy

Issue Can you backport GDPR-compliant 3rd party cookie handling to 7.3 SP3? Environment The feature got implemented in DXP 7.4.13-u66. Backporting this feature to 7.3 is not feasible. Resolution There are 3 options...

Database Permissions Required for Liferay

legacy

Issue Could you please provide us with a list of Database Permissions required for Liferay to function? (We are optimizing our application security concerning the Database) Environment Liferay DXP 7.1...

LOGOUT event is not added to Audit Table

legacy Troubleshooting

Issue LOGOUT event is not being audited when SAML SLO is enabled. Environment Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Resolution This happens because LogoutPreAction and LogoutPostAction classes do not get...

Unable to process OpenID Connect authentication response: Requested value and approved state do not match

legacy

Issue From time to time, error messages like the following appear in logs: 2024-02-14 13:31:55.099 ERROR [http-nio-8080-exec-120][OpenIdConnectFilter:132] Unable to process OpenID Connect authentication response:...

How to configure liferay to invoke web services with Digest Auth

legacy How To

Issue How to configure Liferay to invoke web services with Digest Auth and use it in a client. As example we'll use POSTMAN Environment Liferay DXP 7.1+ Resolution As example, we are going to configure the access to...

OpenID Connect does not work with Azure AD B2C

legacy Troubleshooting

Please note that this Fast Track applies to versions before our Quarterly Release 2024.Q1. From Quarterly Release 2024.Q1 on, this function is enabled as described in LPD-9397. Please...

How do I add Captcha in Sign in Portlet?

legacy

Issue I would like to add Captcha in Sign in Portlet, as I can do in Create Account and Forgot Password options. Environment DXP 7.3 Resolution Unfortunately, there is no out-of-the-box feature to enable Captcha...

How to Setup HTTPS on Tomcat for Liferay Portal 6.2 and DXP 7.0

legacy How To

Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products....

Post deployment of SAML plugin the SAML Admin page is blank

legacy Troubleshooting

Issue After deploying the SAML plugin in the Liferay instance, the SAML admin page displayed blank. Below Stack trace occurs in the log at the time of performing the above actions. 2021-03-23 19:14:22.610 WARN...

Restrict guest users from accessing login page when attempting to access a protected page or resource

legacy How To

Issue By default, guest users are prompted to the login page when they are attempting to hit a url or access a resource that is protected and not available to guest users. I do not want guest users to be redirected to...

What difference is there between System Setting and Instance Setting LDAP configurations?

legacy

Issue There are two locations within Liferay DXP where LDAP configurations can be set. One is the System Settings (Control Panel -> Configuration -> System Settings -> Security -> LDAP) and the other the Instance...

How do I Add More Than One Field To the Custom Mapping Sections in My 7.0 LDAP Setup?

legacy How To

Issue I would like to add multiple fields to the custom mappings section in my LDAP setup. Environment DXP 7.0 Resolution During LDAP setup, navigate to Control Panel > Configuration > Instance Settings, in...

New Virtual Instance cannot be created if "passwords.default.policy.check.syntax=" is set to true

legacy Troubleshooting

Issue If I set passwords.default.policy.check.syntax=true in my portal-ext.properties file, I cannot create a New Virtual Instance I get an error in the logs: ERROR...

Users without Admin role cannot initiate SSO on the SP when using expando fields

legacy Troubleshooting

Issue When using expando field as "Name Identifier Attribute Name=expando:concurid", user without Administrator role can not initiate SSO. Steps to reproduce: On IdP end Add a custom field 'field1' for user. Go to SAML...

How to resolve "User 'x' must have 'y' permission" errors encountered while performing staging publication processes

legacy Troubleshooting

Issue Our team would like our staging managers to not be administrators, so we are only providing them with select permissions. However, publication attempts encounter errors such as: ERROR...

Sensitive Information disclosed via Application Status 400 Error

legacy Troubleshooting

Issue Application Server errors at times may identify software, software versioning and hint at how user input is processed. This sample trace to demonstrate was triggered by having invalid characters (namely a set...

Commerce modules fail to deploy due following license expiration

legacy Troubleshooting

Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue There has been a documented case where Commerce modules fail to...

After performing a security configuration, our users can no longer add Categories in Web Content

legacy

Issue After applying the workaround indicated in this Security Advisory LSV-545: Unauthenticated Remote code execution via JSONWS (CVE-2020-7961), every client-side web service call to the JSONWS-API is failing:...

Configuring Liferay

Official Documentation

Configuring Liferay Liferay is a very adaptable tool. You can modify and configure it to suit the needs of your application.

Search Results