Search Results

All Results 433
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
LDAP Import Enabled under SAML settings
legacy
Issue What is the actual functionality of LDAP Import Enabledunder SAML settings Environment Liferay DXP 7.2, 7.3, 7.4 SAML Resolution Checking LDAP Import Enabled under SAML settings affects 3 functions:...
Error message is not displayed when an error occurs in JSONWS
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
Unable to send message: 554 X.X.XXX SendAsDenied
legacy Troubleshooting
Issue When sending emails, the error "unable to send message: 554 X.X.XXX SendAsDenied" occurs. Steps to reproduce: 1. Configure the outlook mail server to send email notifications in Liferay 2. Sometimes, the...
JSESSIONID not secure by default
legacy Troubleshooting
Issue The JSESSIONID cookie that comes with Liferay requests in the browser is not secure by default when inspected in the browser. Environment Liferay DXP 7.3 Resolution Set the JSESSIONID in web.xml...
Could not connect to the SMTP host exceptions
legacy Troubleshooting
Issue When sending emails, the error "unable to send message: Could not connect to SMTP host: smtp.office365.com, port: 587" occurs. Steps to reproduce: 1. Configure the outlook mail server to send email...
Using one user's JSessionID any logged in user can access the respective user's session
legacy
Issue One user's session is accessed by knowing the respective user's JSessionID. Steps for reference: 1) 2 users (say: User A and User B) 2) User "A" logs-in to the system 3) Now, user "A" has one Jession...
Liferay's OpenID Connect implementation and Single Logout
legacy
Issue Does Liferay's OpenID Connect implementation support Single Logout? Environment Liferay DXP 7.1/7.2 Resolution Liferay's current OpenID Connect (OIDC) integration only implements parts of the Final specifications,...
LDAP users are unable to log in
legacy Troubleshooting
Issue Users who are present in LDAP are unable to perform login into Liferay and the below error was observed at the server console. ERROR [liferay/scheduler_dispatch-4][PortalLDAPImporterImpl:717] Unable...
When SAML is enabled, logging out from particular Site should stay at the respective site itself
legacy
Issue When SAML is enabled, logging out from "SITE A" is not redirecting/stays at the respective site's home page itself.  Environment Liferay DXP 7.1 SAML plugin Resolution The ideal scenario is...
Does Liferay DXP 7.1 support HTTP headers?
legacy
Issue Does Liferay DXP 7.1 support the following HTTP headers: "X-Frame-Options", "X-XSS-Protection" and "X-Content-Type-Options"? If not, what changes have to be done from the application side to enable...
TLS v1.2 in Liferay DXP 7.1
legacy
Issue Due to some security vulnerable in TLS v1.0, it should be upgraded to TLS v1.2.  1. Does Liferay DXP 7.1 support TLS v1.2? 2. If it supports, then how to use/upgrade the same in Liferay DXP 7.1?...
Unable to import LDAP telephoneNumber into Liferay phone in the Contact page
legacy Troubleshooting
Issue Unable to import LDAP telephoneNumber (in Microsoft Active Directory) into Liferay Contact Information -> Phone Numbers on the Contact page. Environment Liferay DXP 7.1 Resolution Only attributes listed in...
Https Access Portal Problems
legacy Troubleshooting
Issue When users are trying to access to portal using https protocol, portal is redirecting to http protocol and pages are not showed right. Https protocol was configured in load balancers and application...
NTLM authenticate failed due to " Logon failure: unknown user name or bad password error "
legacy Troubleshooting
Issue Users are unable to login through NTML due to the following WARN: 2019-08-29 05:55:28.671 WARN [http-nio-8080-exec-5][Netlogon:104] Unable to authenticate user emma: Logon failure: unknown user name or bad password....
Password is visible as a plain text in the user's browser console
legacy
Issue When a user tries to log in to Liferay via Liferay's default Sign-In portlet, the user's password shows in the browser console as a plain text. Environment Liferay DXP 7.0-7.4 Resolution This is not a Liferay issue....
SAML SLO is not working when using two Liferay servers in my machine
legacy Troubleshooting
Issue We configured 2 Liferay Servers in my machine, one as Service Provider and the other as Identity Provider. We managed to perform the login through IdP. The issue happens when we try to logout the user in SP....
Possible Mismatch Between the Real LDAP Import Time and Import Interval Set on Instance Settings after LPS-98420
legacy Troubleshooting
Issue After LPS-98420, there might be a mismatch between the real LDAP Import trigger time and Import Interval set on instance settings. For example: Set “System Settings -> LDAP -> Import Interval” to 2. Set “Instance...
Resolving errors when using Liferay JSON Web Service to do the searching
legacy Troubleshooting
Issue When invoking Liferay JSON Web Service to do the searching, you may encounter errors like the following: com.liferay.portal.kernel.dao.orm.ORMException: org.hibernate.exception.SQLGrammarException: could not execute...
LDAP users are unable to log in(Caused by: java.net.SocketException: Connection reset)
legacy Troubleshooting
Issue If the LDAP is configured and when the LDAP users are trying to log in, authentication fails and started getting the following error in the server console. ERROR...
Unable to handle SAML Request
legacy Troubleshooting
Issue After enabling the SAML, when the user is trying to log in, authentication failed with the following message in UI and in Server console. UI: "Unable to handle SAML Request" Server Console:  ERROR...
Authentication through LDAP when SAML is enabled
legacy Troubleshooting
Issue Liferay has to authenticate the user through SAML as well as LDAP when SAML is enabled Environment Liferay Portal 6.2 Liferay DXP 7.0 Liferay DXP 7.1 Resolution Authenticating users from LDAP when the...
LDAP users are able to login with Default User Password
legacy
Issue Users from LDAP are able to login with the value which is defined in "Default User Password" field under the LDAP import/export settings. Environment Liferay DXP 7.0 Resolution Liferay will allow the...
[LES] Issues reinstalling Liferay Connector to X-Pack Security
legacy How To
Issue I'm having issues reinstalling X-Pack Security How do I reinstall X-Pack Security? Environment DXP 7.2    DXP 7.1    DXP 7.0 + Fix Pack 54 onwards (de-54) Resolution To Install Add Liferay Connector to X-Pack...
CSRF (p_auth) token is not included in portlet ResourceURLs
legacy
Issue p_auth token is not included in the resourceURL. Environment Liferay DXP Liferay 6.2 EE Resolution ResourceURLs (resource serving phase) was introduced in Portlet 2.0 to be able to serve resources (images, etc...)...
Preventing host header attack vulnerabilities
legacy How To
Issue Adjusting the Host header in the request can impact page rendering, redirections, and other server-side behaviors. This manipulation could potentially lead to Cross-Site Scripting (XSS) for example. Environment...
[LES] How to reinstall Liferay Connector to X-Pack Security
legacy How To
Issue How can I reinstall x-pack security? Environment DXP 7.2    DXP 7.1    DXP 7.0 + Fix Pack 54 onward (de-54) Resolution When we uninstall X-Pack security, an entry is added to Bundle Blacklist at this...
Antisamy - Document description field not sanitized
legacy
Issue While the title of a document cannot contain a tag or script in the description section tags and scripts can be published. Environment Liferay DXP 7.0 Resolution The AntiSamy module filters on specific...
How to reproduce https:// problems on localhost
legacy How To
Issue If we are using https protocol the related use cases are hard to proof on localhost Environment Liferay DXP 7.0 Liferay DXP 7.1 Use Firefox (Firefox is recommended, as Chrome does not allow self-signed...
Security Advisory for CVE-2019-2729 for Oracle WebLogic
legacy Troubleshooting
Issue Oracle has issued a security alert for Oracle WebLogic wherein a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services has been detected. The following resource and information are...
How to configure the "check-auth-token" parameter within an OSGi portlet?
legacy How To
Issue The current Liferay DXP portal properties file contains the following for the "check-auth-token" parameter: # # Set this to true to enable authentication token security checks. The # checks can be disabled...
Is request-based p_auth token supported to prevent CSRF attack?
legacy
Issue To prevent CSRF attacks, Liferay provides options to enable authentication token security checks. The current token is session-based token. Is request-based p_auth token supported? Environment Liferay DXP 7.1...
The Password Reset Screen is no longer showing the "Please set a new password" description
legacy
Issue After upgrading from 6.x to 7.x, the Password Reset Screen is no longer showing the "Please set a new password" description text. Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Resolution The "Please set...
How to upload authentication XML file from Bing ownership verification
legacy How To
Issue One of the methods to complete the verification process required to add a website to a Bing Webmaster Tools account is uploading a XML file to the root directory of the website and make it available on...
Apply button in OAuth 2 Administration is not working
legacy Troubleshooting
Issue When making changes under OAuth 2 Administration, such as generating a new client secret or editing Client ID, the Apply button may not respond when clicked. When viewing the browser console, you will see:...
Password is visible as a plain text in LDAP request
legacy Troubleshooting
Issue When intercepting the LDAP request using any third party tool(ex. Wireshark) password is visible as a plain text Environment Liferay 7.0 Resolution Enabling LDAP over SSL will transmit the credentials...
Whether to use OpenSSL
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue In...
Session lost on page redirect using POST method when request header is SameSite=LAX
legacy Troubleshooting
Issue The problem is happening when using POST method to receive data from another portal on a different domain, which is considered unsafe when request header is SameSite=LAX, that because if this header is not...
Existing users password encryption algorithm is not updated on password reset
legacy Troubleshooting
Issue The password encryption algorithm of existing users is not being updated after doing a password reset. Environment DXP 7.4 Resolution To resolve this behavior, open a help center ticket to request a hotfix...
Special characters which are used for XSS can be saved as an input without any warning
legacy
Issue Characters as <, >, /, (, ), ", ' which can be used to make scripts, used in HTML and JavaScript are valid to use in the portal as inputs and values, and it can raise security questions The use of these...
Detected vulnerabilities related to Jettison
legacy Troubleshooting
Issue A security scan has picked up the following vulnerabilities related to jettison-1.x.x jar: CVE-2022-40150 & CVE-2022-40149. This jar is found in marketplace\Liferay Foundation - Liferay Portal Remote -...
Behavior when a session expires while posting on the bulletin board
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
Known vulnereabilities in jackson-databind-2.9.6
legacy Troubleshooting
Issue apio-architect-impl has a dependency of jackson-databind-2.9.6 which has the following known vulnerabilities: CVE-2018-19362 CVE-2018-19361 CVE-2018-19360 CVE-2018-14721 CVE-2018-14720 CVE-2018-14719...
Apache Log4j 1.x has reached its end-of-life
legacy
Issue Log4j 1.x has reached end-of-life status: https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces Environment Liferay DXP 7.0  Liferay DXP 7.1 Liferay DXP 7.2  Liferay DXP 7.3 ...
CVE-2022-23305, CVE-2022-23307, and CVE-2017-5645
legacy Troubleshooting
Issue This article outlines the concerns of CVE-2022-23305, CVE-2022-23307, and CVE-2017-5645 vulnerabilities with respect to the Liferay DXP Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP...
Error when configuring SAML in a clustered environment for the first time
legacy Troubleshooting
Issue When configuring SAML in a clustered environment and entering the configuration Idp connection an error is shown: java.lang.RuntimeException: java.lang.NullPointerException at...
javax.portlet.PortletException: java.lang.IllegalStateException: getAttribute: Session already invalidated error
legacy
Issue Why does this error gets triggered? What would be the cause? INFO  [http-nio-8080-exec-2573][CustomLoginPortlet:726] url redirect = https://xxxx/group/yyyy ERROR [http-nio-8080-exec-2573][PortletServlet:112]...
Browser console error : The connection used to load resources from https://www.xxx.yyyy used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future
legacy Troubleshooting
Issue Browser console error as "The connection used to load resources from https://www.xxx.yyyy used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented...
Getting mixed content on the portal
legacy Troubleshooting
Issue After enabling SSL and routing the domain, getting mixed content on the portal that is the pages in the https://www.abc.in referring the http://www.abc.in for the stylesheet, javascript, and henceforth....
Automated process to remove users from Liferay that are no longer in LDAP?
legacy How To
Issue Is there a way to automatically remove users from Liferay who are no longer in LDAP? Environment Liferay DXP 7.1 Resolution There's no automated process to do this out of the box. However, a feature request...
Cross Site Scripting Vulnerability report on refererPlid or other parameters
legacy
Issue During a penetration test, a Cross Site Scripting Vulnerability may be reported, indicating that you can inject a script into the refererPlid parameter or into the...
The behavior of bypassing SAML SSO has changed
legacy Troubleshooting
Issue There is a use case in which a subset of users are meant to bypass SAML SSO and login directly to the Liferay SP. On Liferay 7.2 dxp-8, users successfully used the following URL to achieve this:...
CVE-2021-27568 json-smart v2 through v2.4
legacy Troubleshooting
Issue Steps to Reproduce: The json-smart.jar's can be found here:...
Reset Connection option is missing on the License page in DXP 7.3
legacy Troubleshooting
Issue The reset connection option is missing on the License page in DXP 7.3 which is available on the previous releases. Environment Liferay DXP 7.3 GA1 Resolution This is a known limitation of the product that might...
How to Configure Liferay DXP with Multiple IdPs (OKTA via SAML and OIDC)
legacy How To
This article documents the way to configure Liferay DXP 7.x as a Service Provider working with two SSO protocols (Okta using SAML 2.0 and Google OpenID Connect). The basic configuration can be achieved within Liferay out of...
How to kill the session on browser (tab or window) close?
legacy Troubleshooting
Issue The user session should be terminated immediately if they close the browser tab or window. Environment DXP 7.0 + Resolution Liferay maintains the session of 30 minutes by default and Liferay doesn't provide any...
Disable password verification for SSO users
legacy How To
Issue When changing the screen name or email address of a user, the portal now requires a password verification. This was not a requirement for previous versions of Liferay. Environment DXP 7.3+ Resolution This is a...
Replacing NTLM SSO with Kerberos in Liferay Portal 6.2
legacy How To
Issue NTLM SSO protocol has some vulnerabilities addressed by Microsoft in CVE-2020-1472 (external link), forcing to use the secure RPC connection. See also How to manage the changes in Netlogon secure channel...
Unable to upload file bigger than 10MB with ClamAVSizeLimitException after enabling Antivirus
legacy Troubleshooting
Issue Unable to upload a file bigger than 10MB after enabling antivirus with the following error in the log 2021-07-19 08:35:43.476 ERROR [http-nio-8080-exec-9][PortletServlet:119] javax.portlet.PortletException:...
Known Vulnerabilities with Liferay Fjord Theme and 1975 London Theme
legacy Troubleshooting
The following issue may compromise the security of your Liferay Digital Experience Platform implementation.  Vulnerability Information The Liferay Fjord Theme and Liferay 1975 London Theme depend on third party...
How can we get a complete picture of a user's activity history?
legacy How To
Issue Is there a way to find out how and by whom a user was created? Environment Liferay DXP 7.2 Resolution The steps below can be used to track user activity. Log in by 'Test' user (Admin User) Create a new user...