Search Results

All Results 437
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
AntiSamy Portlet Removes HTML Target Attributes
legacy How To
The AntiSamy portlet is meant to prevent XSS type attacks. One side effect however is that if an HTML target is used, then the portlet will remove it upon publishing the content. Steps to Reproduce Create Web...
Setup Guide for Liferay and WSO2 Identity Server SAML Integration
legacy How To
This guide shows you how to integrate Liferay Portal with WSO2's Identity Server. These are the basic settings with the goal of setting the user on the right track. Resolution Install,...
Signing into Liferay Using NTLM Before the User is Imported From LDAP Causes Error
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When...
SAML Plugin Throws NPE When Trying to Access Metadata
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. With...
Providing User Data in SAML AuthnResponse Packets
legacy How To
SAML communication occurs via request and response packets between an identity provider and a service provider. This article addresses how to provide user data within the response...
Performance Issue With LDAP Imports When Using Oracle Database
legacy Troubleshooting
This article is regarding a performance issue that may surface when executing an LDAP import using the UserGroup method for a large amount of users. Specifically, the issue is that the...
JSON Authentication for Custom Portlets
legacy Troubleshooting
Liferay will support our API and resolve any issues and answer any questions having to do with the API itself or any other part of Liferay's software. Issues and questions regarding custom development may be handled by...
Errors Exporting Password to LDAP
legacy Troubleshooting
The fix on LPS-55208 modifies LDAPUserExporterImpl (PortalLDAPExporterImpl in Portal 6.2 EE) in a way that the user is only exported to LDAP when the user's modifiedDate field changed....
Importing Contact and Custom Field Mappings From LDAP
legacy How To
In some environments it may be desirable to import a user's contact information from an LDAP server. This article explains how to import custom mappings as well as contact mappings from a Microsoft Active Directory...
Disabling the Change Password Request When Users First Log In to Liferay
legacy How To
When a user first logs in to the Liferay Portal 6.1 EE, they are immediately prompted to change their password. Resolution While this request is the default setting, the setting can be...
Virtual LDAP Server Plugin Setup
legacy How To
The following article gives a basic use case for Liferay's Virtual LDAP Server Plugin. Liferay's EE Virtual LDAP plugin turns Liferay portal into a virtual LDAP server that can be accessed by external LDAP explorer...
User Cannot Log In to Sync Client When SAML SSO and OAuth Are Enabled
legacy Troubleshooting
This article documents a known issue where users cannot log in to the Sync Client if both SAML and OAuth are enabled. As a result, authentication fails with a blank screen on Sync client. Repeated warning messages will print...
False Security Issue in FCKEditor and Liferay 6.x Reported as CVE-2018-10795
legacy
Recently, a security vulnerability was filed in Mitre under CVE-2018-10795 reporting an issue in FCKEditor and Liferay Portal 6.x versions. Resolution Liferay disputed this issue because file upload is an expected...
Receiving Mixed Mode Warning when ReCaptcha is enabled on site with HTTPS
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. The...
Quick Start Guide to SAML on Liferay Portal 6.1 EE GA2
legacy How To
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. SAML (Security Assertion Markup Language) is...
Implementing NTLM Seamless Login
legacy How To
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. After successfully configuring Liferay...
How Password Policies are Applied in Liferay
legacy
This article describes several cases in which a user can receive a password policy. Resolution Here are several use-cases outlining how password policies are applied in Liferay Portal. Case 1 When a user and all...
LDAP Frequently Asked Questions
legacy
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. As many Liferay subscribers use...
List of Cookies That Are Affected at Liferay Login
legacy How To
In compliance to the European Union Cookie Directive, please see the following articles in reference to cookies that Liferay has set upon at login. Resolution How HTTP Cookies are...
Setting Up OpenAM With Liferay Portal 6 on Tomcat
legacy How To
Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these...
Setting Up NTLM With Liferay
legacy How To
NTLM (NT Lan Manager) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. When Liferay Portal is successfully integrated with NTLM, Active Directory users...
Setting Up Liferay Portal with Active Directory Server
legacy How To
The details of this article may also be covered in Configuring Liferay's LDAP Settings to Import Users. This article provides a comprehensive walkthrough for integrating an Active Directory Server with Liferay...
Using Liferay Connector to OAuth 2.0 in Liferay DXP 7.1
legacy How To
What is OAuth? It is a utility that authorizes third party applications to interact with the Liferay platform. The OAuth example from our official documentation is worth repeating here; users can make Twitter or...
LSV-391: Security Advisory for Vulnerability With Pingback in Blogs
legacy How To
This advisory comes in response to the recent public announcement of a potential Server-Side Request Forgery (SSRF) vulnerability in Liferay Portal 7.0.4. The report talks about a perceived vulnerability for the...
Making Liferay CAPTCHA Easier to Read in Liferay Portal 6.1
legacy How To
This article is intended for legacy versions of Liferay Portal CAPTCHA is an industry standard security measure that requires users to enter what they see a small window as part of the validation process when creating an...
Spring Framework Security Vulnerabilities: CVE-2018-1270, CVE-2018-1271, CVE-2018-1272
legacy
QUESTION: How are Liferay Digital Enterprise 7.0 and Liferay Portal affected by the Spring Framework Vulnerabilities: CVE-2018-1270, CVE-2018-1271, and CVE-2018-1272? Resolution Impact to Liferay CVE-2018-1270: Liferay...
Disabling the Authentication System and Delegating It to an LDAP Server
legacy How To
By default, the Liferay platform always uses its own authentication system that checks and validates the user password in its own database. Even if you enable LDAP settings and set it...
Defining Encryption Algorithms for Passwords Stored in the Database
legacy How To
By default, Liferay encrypts the passwords that go into the database. The default algorithm is SHA-1 in 6.0 and 6.1 versions, which changed to PBKDF2WithHmacSHA1/160/128000 in version...
Elasticsearch and Liferay Enterprise Search Security Advisory: CVE-2018-3831
legacy
CVE-2018-3831 reports that, "Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings...
Excluding User Groups Not Part of the BaseDN In LDAP Import
legacy How To
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. In older versions of Liferay Portal...
Apache Struts 2 Vulnerability: CVE-2017-9805 and CVE-2017-12611 - REST XStream FreeMarker
legacy
The following Common Vulnerabilities and Exposures (CVE) have been reported for Apache Struts 2: CVE-2017-9805 CVE-2017-12611 CVE-2018-1327 - REST XStream FreeMarker CVE-2018-11776 How are Liferay DXP (both 7.0 and...
JSESSIONID Changes as Part of Liferay Security
legacy
This article documents Liferay's position regarding the Session Identifier (JSESSIONID), including how and why a new JSESSIONID is generated.  Resolution Customers doing their own security scan of the Liferay platform...
Java NPEs in the Console When Refreshing the CAPTCHA Image
legacy Troubleshooting
This article documents a known issue where refreshing the CAPTCHA image causes a Java NullPointerException (NPE) to be triggered. Please note that the CAPTCHA image will still be refreshed. Steps to Reproduce Start the...
Open LDAP setup guide
legacy How To
Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these principles...
WeDeploy Auth Admin Portlet in Liferay DXP 7.0 Fix Packs
legacy Troubleshooting
When deploying Liferay DXP 7.0 Fix Pack 24, 25, 26 or 27, the WeDeploy Auth Admin portlet will appear in the Control Panel. WeDeploy is currently a beta product. The addition of this portlet will have no impact or...
Configuring Theme-Embedded Portlets After Deploying Security-Hotfix-11-6012
legacy How To
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable....
Avoiding Authentication Errors With IE8 and IE9
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When a session of Liferay times-out, an...
Applying Security Update 2012-05-25 requires Tunnel-web
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When...
SAML Comprehensive Quick Start Guide for Liferay Portal
legacy How To
This is a comprehensive article that documents the steps for how to set up SAML on Liferay Portal 6.2 EE. In addition, this article covers the different ways that SAML can be implemented and utilized. SAML (Security...
Configuring Liferay DXP as SP and OKTA as IdP
legacy How To
This article documents the basic steps users need to execute in order to set up their instance of Liferay DXP as SP, and OKTA as IdP. Resolution OKTA Configuration Log in to OKTA and navigate to Admin > Add Application...
LDAP Import Rejects Users From Certain Domains
legacy Troubleshooting
This article explains why users from specific domains are not imported through LDAP due to the email address validator in the Liferay platform, and provides a solution to resolve this if a specific domain is required...
Using Liferay Connector to OAuth EE
legacy How To
What is OAuth? It is a utility that authorizes third party applications to interact with the Liferay platform. The example from our official documentation is worth repeating here; users can make Twitter or Facebook...
Using the Data Migration Tool in Liferay Portal
legacy How To
This article describes the two uses of the data migration tool in the system administration section of Liferay Portal. The Data Migration Tool is fully supported for Liferay Portal 6.2...
Generating Liferay SAML Environment's metadata.xml
legacy How To
This article describes how to generate Liferay SAML metadata from a web browser. SAML metadata in an XML file is configuration data required to automatically negotiate agreements between system entities, comprising...
Public Hostnames and IP Addresses
legacy How To
Very often a Liferay Portal or Liferay DXP instance resides inside a private network and—due to a company's security policy—while it can serve content to the public Internet, it cannot access the...
Setting Up DXP 7.0 as SP and WSO2 as IdP
legacy How To
This article documents how to set up Liferay DXP 7.0 as SP and WSO2 as IdP. Resolution WSO2 configuration 1. Download wso2is-5.3.0.zip from the WSO2 site and extract the file to a dedicated directory. 2. Go to...
Setting Up ClamAV With the Liferay Platform on Windows
legacy How To
This article documents how to set up Clam Antivirus with the Liferay platform on Windows for testing purposes. The goal is to scan documents for viruses when they are being uploaded. Resolution Download ClamWin for...
Exporting OpenSSO Configuration Settings for Use in Another DXP Environment
legacy How To
If you are migrating your OpenSSO configuration from one environment to another, you don't need to migrate the settings manually. Resolution Login to your Liferay DXP environment. Navigate to Control Panel > Configuration...
Deploying and Managing SAML on Liferay DXP
legacy Troubleshooting
This troubleshooting guide is meant to supplement the existing SAML documentation. The information in this guide explains in more detail to demonstrate the most common use cases.  ...
ユーザーグループにユーザーをアサイン後、そのユーザーのSSOログイン直前にアサインを外される
legacy Troubleshooting
, knowledgeArticleType: troubleshooting, legacy: true, name: ユーザーグループにユーザーをアサイン後、そのユーザーのSSOログイン直前にアサインを外される, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 128674, title:...
セッションタイムアウトの時間を、インスタンスごとに設定したいです。
legacy
, knowledgeArticleType: reference, legacy: true, name: セッションタイムアウトの時間を、インスタンスごとに設定したいです。, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 109505, title: セッションタイムアウトの時間を、インスタンスごとに設定したいです。
Aruba Networks製品の利用有無について
legacy
, knowledgeArticleType: reference, legacy: true, name: Aruba Networks製品の利用有無について, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 109889, title: Aruba Networks製品の利用有無について
「アイデンティティ・プロバイダーへリダイレクトしています...」というメッセージの画面の背景を変更可能ですか。
legacy
, knowledgeArticleType: reference, legacy: true, name: 「アイデンティティ・プロバイダーへリダイレクトしています...」というメッセージの画面の背景を変更可能ですか。, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 102179, title:...
ワンタイムパスワードが使用できなくなりました。
legacy
, knowledgeArticleType: reference, legacy: true, name: ワンタイムパスワードが使用できなくなりました。, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 96077, title: ワンタイムパスワードが使用できなくなりました。
LDAP連携の、認証検索絞り込みに利用可能なトークンの種類
legacy
, knowledgeArticleType: reference, legacy: true, name: LDAP連携の、認証検索絞り込みに利用可能なトークンの種類, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: , title:...
LDAPからのユーザーインポートについて
legacy How To
, knowledgeArticleType: howTo, legacy: true, name: LDAPからのユーザーインポートについて, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: , title: LDAPからのユーザーインポートについて
LiferayでのSAML設定方法
legacy How To
, knowledgeArticleType: howTo, legacy: true, name: LiferayでのSAML設定方法, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: , title: LiferayでのSAML設定方法
DXPで「ldap.import.create.role.per.group」を使用する方法
legacy How To
, knowledgeArticleType: howTo, legacy: true, name: DXPで「ldap.import.create.role.per.group」を使用する方法, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: , title:...
SCIM Support for Microsoft Entra ID
legacy
Issue Is there complete out-of-the-box SCIM support for Microsoft Entra ID in Liferay DXP? Environment Versions before 2025.Q2.0. Resolution Full support for Microsoft Entra ID with Liferay's SCIM functionality was...
User ID's and Emails populating due to SSTI vulnerability
legacy Troubleshooting
Issue We've found an undesirable behvavior when using new widget templates on a page. When using the expandoColumnLocalService.CTPersistence.openNewSession(null) function, the the direct SQL query execution within...