Search Results

All Results 433
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
What difference is there between System Setting and Instance Setting LDAP configurations?
legacy
Issue There are two locations within Liferay DXP where LDAP configurations can be set. One is the System Settings (Control Panel -> Configuration -> System Settings -> Security -> LDAP) and the other the Instance...
TLS v1.2 in Liferay DXP 7.1
legacy
Issue Due to some security vulnerable in TLS v1.0, it should be upgraded to TLS v1.2.  1. Does Liferay DXP 7.1 support TLS v1.2? 2. If it supports, then how to use/upgrade the same in Liferay DXP 7.1?...
Unable to import LDAP telephoneNumber into Liferay phone in the Contact page
legacy Troubleshooting
Issue Unable to import LDAP telephoneNumber (in Microsoft Active Directory) into Liferay Contact Information -> Phone Numbers on the Contact page. Environment Liferay DXP 7.1 Resolution Only attributes listed in...
Https Access Portal Problems
legacy Troubleshooting
Issue When users are trying to access to portal using https protocol, portal is redirecting to http protocol and pages are not showed right. Https protocol was configured in load balancers and application...
NTLM authenticate failed due to " Logon failure: unknown user name or bad password error "
legacy Troubleshooting
Issue Users are unable to login through NTML due to the following WARN: 2019-08-29 05:55:28.671 WARN [http-nio-8080-exec-5][Netlogon:104] Unable to authenticate user emma: Logon failure: unknown user name or bad password....
Security Advisory for CVE-2019-2729 for Oracle WebLogic
legacy Troubleshooting
Issue Oracle has issued a security alert for Oracle WebLogic wherein a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services has been detected. The following resource and information are...
The Password Reset Screen is no longer showing the "Please set a new password" description
legacy
Issue After upgrading from 6.x to 7.x, the Password Reset Screen is no longer showing the "Please set a new password" description text. Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Resolution The "Please set...
How to upload authentication XML file from Bing ownership verification
legacy How To
Issue One of the methods to complete the verification process required to add a website to a Bing Webmaster Tools account is uploading a XML file to the root directory of the website and make it available on...
How to configure the "check-auth-token" parameter within an OSGi portlet?
legacy How To
Issue The current Liferay DXP portal properties file contains the following for the "check-auth-token" parameter: # # Set this to true to enable authentication token security checks. The # checks can be disabled...
Is request-based p_auth token supported to prevent CSRF attack?
legacy
Issue To prevent CSRF attacks, Liferay provides options to enable authentication token security checks. The current token is session-based token. Is request-based p_auth token supported? Environment Liferay DXP 7.1...
Apply button in OAuth 2 Administration is not working
legacy Troubleshooting
Issue When making changes under OAuth 2 Administration, such as generating a new client secret or editing Client ID, the Apply button may not respond when clicked. When viewing the browser console, you will see:...
Password is visible as a plain text in LDAP request
legacy Troubleshooting
Issue When intercepting the LDAP request using any third party tool(ex. Wireshark) password is visible as a plain text Environment Liferay 7.0 Resolution Enabling LDAP over SSL will transmit the credentials...
Whether to use OpenSSL
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue In...
AWS S3 Signature Version 2 Discontinued
legacy How To
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
Unable to process SAML SSO request
legacy Troubleshooting
Issue After configuring SAML SSO successfully, the user is unable to perform login and getting the following error in UI and Server console. UI Error:  "Unable to process SAML request" Server Console: ...
COOKIE_SUPPORT & GUEST_LANGUAGE_ID are not marked as Secure
legacy
Issue There are two cookies generated by Liferay DXP, COOKIE_SUPPORT & GUEST_LANGUAGE_ID, which is not marked as Secure. Environment Liferay DXP 7.1 + JBoss  Resolution This is related to the Web Server and Application...
Configuration of NTLMv2 with Liferay
legacy
Issue How to configure NTLMv2 in Liferay as there is no configuration available in Liferay control panel to differentiate the request/service Environment Liferay 6.x Liferay 7.0 and Liferay 7.1 Resolution...
Users Fail to Import When First Name is Missing in LDAP
legacy
 This article discusses an apparent issue when Liferay Portal will throw a ContactFirstNameException error in the console. This error message appears when the first name is left out if importing a user from an LDAP...
How to configure HTTPS in Tomcat for Liferay DXP 7.3
legacy How To
Introduction Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding...
Using Shibboleth 3 as IdP + SAML Integration
legacy How To
Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these...
LDAP Authentication and User Import/Export
legacy
This article provides an overview of LDAP integration with Liferay DXP 7.0. This content on authentication, user Import/Export, configurations, upgrade considerations and what has changed from previous Liferay...
Configuring Cookies' httpOnly Status
legacy How To
Description By default, the Liferay platform sets all of its cookies to httpOnly true in its portal.properties file (Liferay 6.2 and earlier) or in its system.properties (starting with Liferay 7.0) files. # #...
FAQ for LDAP on Liferay DXP
legacy
This document has been updated and ported to Liferay Learn and is no longer maintained here. This article documents some of the most frequently asked questions regarding the use of Lightweight Directory Access Protocol...
Possible LDAP NullPointerExceptions
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When...
Configuring reCAPTCHA v2 in Liferay Portal 6.2 EE
legacy How To
This article outlines how to configure reCAPTCHA version 2 in Liferay Portal 6.2.  Google is sunsetting reCAPTCHA v1 and as of March 2018 all v1 API calls will no longer work. In response to this "End of Life"...
Impact of Google Chrome 80 and changes in the default behavior of the SameSite cookie setting on SAML
legacy Troubleshooting
Issue Updated (May 31, 2021): The behavior is enabled by default since Chrome 84. Updated (April 3, 2020): Chrome is Temporarily rolling back SameSite Cookie Changes Updated (June 12, 2020): Added information about...
Encryption keys can be used at Liferay
legacy How To
Issue How to disable/stop using DES as it possesses Security Threat.  Environment Liferay DXP 7.0 Resolution Encryption keys can be used at Liferay end are:  # For more details about encryption keys, see the Java...
Why the error "Failed to bind to the LDAP server with userDN" is thrown in the logs
legacy Troubleshooting
Issue What is the reason behind the following error which is thrown in the logs? [LDAPAuth:198] Failed to bind to the LDAP server with userDN CN=VERMA BRIJESH KUMAR...
Why can't I see the name of the resource in the Audit app?
legacy
Issue I am an Administrator in Liferay DXP Someone deleted an asset (for example an Organization) I check the events in the Audit app (Control Panel > Configuration > Audit) I open the delete event I can only see the...
Why certain Security Headers are not included in the HTTP Request and Response of Liferay DXP
legacy
Issue The following headers are missing in Liferay: Missing ”X-Content-Type-Options” header  Missing ”X-XSS Protection” header  Missing ”X-Frame-Options” header Missing ”Content-Security-Policy” header...
Can SAML or LDAP be accessed via Liferay APIs?
legacy
Issue We would like to remotely configure SAML and/or LDAP authentication using Liferay APIs. Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Resolution Neither SAML or LDAP APIs are publicly exposed...
Configuring Liferay to display CAPTCHA's with numbers only - 7.2
Issue Configuring Liferay to display CAPTCHA's with numbers only instead of alphanumeric characters. Environment This issue affects Liferay 7.2 Resolution While the default CAPTCHAs in Liferay generated by...
Will Liferay DXP 7.1 support X-Frame-Options, X-XSS-Protection, X-Content-Type-Options headers?
legacy How To
Issue Will Liferay DXP 7.1 support X-Frame-Options, X-XSS-Protection, X-Content-Type-Options headers? If yes, how to enable the same. Environment Liferay DXP 7.1 Resolution Liferay DXP 7.1 is already...
Security Vulnerability: Remote-Code-Execution (RCE) With ImageMagick
legacy Troubleshooting
Issue Symptom: CVE-2016-3714 - Insufficient shell characters filtering leads to potentially remote-code-execution vulnerability in ImageMagick. Environment  ImageMagick before 6.9.3-10...
Import nested groups and users from Microsoft Active Directory
legacy How To
Issue What configuration is needed in Liferay so that the nested groups and the users are imported from AD? Environment DXP 7.2 DXP 7.1 DXP 7.0 Resolution Change the User attribute of the Group Mapping in the LDAP server...
Users are being logged in as some other user
legacy Troubleshooting
Issue When any user logs into the portal, they see the user profile of another user instead of seeing their own profile. Environment Liferay DXP 7.0 Resolution There are usually two root causes for the...
Using one user's JSessionID any logged in user can access the respective user's session
legacy
Issue One user's session is accessed by knowing the respective user's JSessionID. Steps for reference: 1) 2 users (say: User A and User B) 2) User "A" logs-in to the system 3) Now, user "A" has one Jession...
Liferay's OpenID Connect implementation and Single Logout
legacy
Issue Does Liferay's OpenID Connect implementation support Single Logout? Environment Liferay DXP 7.1/7.2 Resolution Liferay's current OpenID Connect (OIDC) integration only implements parts of the Final specifications,...
LDAP users are unable to log in
legacy Troubleshooting
Issue Users who are present in LDAP are unable to perform login into Liferay and the below error was observed at the server console. ERROR [liferay/scheduler_dispatch-4][PortalLDAPImporterImpl:717] Unable...
When SAML is enabled, logging out from particular Site should stay at the respective site itself
legacy
Issue When SAML is enabled, logging out from "SITE A" is not redirecting/stays at the respective site's home page itself.  Environment Liferay DXP 7.1 SAML plugin Resolution The ideal scenario is...
Does Liferay DXP 7.1 support HTTP headers?
legacy
Issue Does Liferay DXP 7.1 support the following HTTP headers: "X-Frame-Options", "X-XSS-Protection" and "X-Content-Type-Options"? If not, what changes have to be done from the application side to enable...
Liferay redirects to iframe source URL upon logging in
legacy Troubleshooting
Issue After adding an Iframe to a Liferay page and set the Source URL of that Iframe to e.g. /web/guest/page2, Liferay will redirect to /web/guest/page2 when logging in through the Welcome homepage. Environment...
Is Liferay Product affected by OpenSSL security issue CVE-2020-1967 ?
legacy
Issue Is Liferay Product affected by OpenSSL security issue CVE-2020-1967 ? Environment Liferay DXP 7.1 Resolution Since Liferay products do not come with OpenSSL built-in, Liferay is not affected by CVE-2020-1967 out of the...
No administrative options can be accessed when an F5 load balancer is in front of Liferay forcing a secure protocol
legacy Troubleshooting
Issue When a F5 load balancer is in front of Liferay and is forcing a secure protocol, no administrative options can be selected and accessed. On Liferay the following options are configured on the...
Is it possible to set different Authentication methods for different sites in the same portal instance
legacy
Issue Is it possible to set different Authentication methods for different sites in the same portal instance? Environment Liferay DXP 7.2 Resolution Currently, it is not possible to use different authentication methods...
When authorizing OAuth2 applications HTTP is used instead of HTTPS
legacy Troubleshooting
Issue If there's a web server in front of Liferay, when clicking on the Authorize button to authorize OAuth2 applications HTTP is used instead of HTTPS and the following WARNs are displayed in the log. 2019-11-08...
LDAP server is unreachable when "Required" option is enabled
legacy Troubleshooting
Issue For any virtual instances apart from a default instance, if the "Required" option in LDAP is enabled, only LDAP users can log in to the portal. When the LDAP server is down/unreachable, none of the...
Resolving errors when using Liferay JSON Web Service to do the searching
legacy Troubleshooting
Issue When invoking Liferay JSON Web Service to do the searching, you may encounter errors like the following: com.liferay.portal.kernel.dao.orm.ORMException: org.hibernate.exception.SQLGrammarException: could not execute...
LDAP users are unable to log in(Caused by: java.net.SocketException: Connection reset)
legacy Troubleshooting
Issue If the LDAP is configured and when the LDAP users are trying to log in, authentication fails and started getting the following error in the server console. ERROR...
Unable to handle SAML Request
legacy Troubleshooting
Issue After enabling the SAML, when the user is trying to log in, authentication failed with the following message in UI and in Server console. UI: "Unable to handle SAML Request" Server Console:  ERROR...
Authentication through LDAP when SAML is enabled
legacy Troubleshooting
Issue Liferay has to authenticate the user through SAML as well as LDAP when SAML is enabled Environment Liferay Portal 6.2 Liferay DXP 7.0 Liferay DXP 7.1 Resolution Authenticating users from LDAP when the...
LDAP users are able to login with Default User Password
legacy
Issue Users from LDAP are able to login with the value which is defined in "Default User Password" field under the LDAP import/export settings. Environment Liferay DXP 7.0 Resolution Liferay will allow the...
[LES] Issues reinstalling Liferay Connector to X-Pack Security
legacy How To
Issue I'm having issues reinstalling X-Pack Security How do I reinstall X-Pack Security? Environment DXP 7.2    DXP 7.1    DXP 7.0 + Fix Pack 54 onwards (de-54) Resolution To Install Add Liferay Connector to X-Pack...
CSRF (p_auth) token is not included in portlet ResourceURLs
legacy
Issue p_auth token is not included in the resourceURL. Environment Liferay DXP Liferay 6.2 EE Resolution ResourceURLs (resource serving phase) was introduced in Portlet 2.0 to be able to serve resources (images, etc...)...
Preventing host header attack vulnerabilities
legacy How To
Issue Adjusting the Host header in the request can impact page rendering, redirections, and other server-side behaviors. This manipulation could potentially lead to Cross-Site Scripting (XSS) for example. Environment...
[LES] How to reinstall Liferay Connector to X-Pack Security
legacy How To
Issue How can I reinstall x-pack security? Environment DXP 7.2    DXP 7.1    DXP 7.0 + Fix Pack 54 onward (de-54) Resolution When we uninstall X-Pack security, an entry is added to Bundle Blacklist at this...
Antisamy - Document description field not sanitized
legacy
Issue While the title of a document cannot contain a tag or script in the description section tags and scripts can be published. Environment Liferay DXP 7.0 Resolution The AntiSamy module filters on specific...
How to reproduce https:// problems on localhost
legacy How To
Issue If we are using https protocol the related use cases are hard to proof on localhost Environment Liferay DXP 7.0 Liferay DXP 7.1 Use Firefox (Firefox is recommended, as Chrome does not allow self-signed...
LDAP Import Rejects Users From Certain Domains
legacy Troubleshooting
This article explains why users from specific domains are not imported through LDAP due to the email address validator in the Liferay platform, and provides a solution to resolve this if a specific domain is required...
Generating Liferay SAML Environment's metadata.xml
legacy How To
This article describes how to generate Liferay SAML metadata from a web browser. SAML metadata in an XML file is configuration data required to automatically negotiate agreements between system entities, comprising...