Search Results

All Results 437
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Setting Up NTLM With Liferay
legacy How To
NTLM (NT Lan Manager) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. When Liferay Portal is successfully integrated with NTLM, Active Directory users...
Setting Up Liferay Portal with Active Directory Server
legacy How To
The details of this article may also be covered in Configuring Liferay's LDAP Settings to Import Users. This article provides a comprehensive walkthrough for integrating an Active Directory Server with Liferay...
Using Liferay Connector to OAuth 2.0 in Liferay DXP 7.1
legacy How To
What is OAuth? It is a utility that authorizes third party applications to interact with the Liferay platform. The OAuth example from our official documentation is worth repeating here; users can make Twitter or...
LSV-391: Security Advisory for Vulnerability With Pingback in Blogs
legacy How To
This advisory comes in response to the recent public announcement of a potential Server-Side Request Forgery (SSRF) vulnerability in Liferay Portal 7.0.4. The report talks about a perceived vulnerability for the...
Making Liferay CAPTCHA Easier to Read in Liferay Portal 6.1
legacy How To
This article is intended for legacy versions of Liferay Portal CAPTCHA is an industry standard security measure that requires users to enter what they see a small window as part of the validation process when creating an...
Spring Framework Security Vulnerabilities: CVE-2018-1270, CVE-2018-1271, CVE-2018-1272
legacy
QUESTION: How are Liferay Digital Enterprise 7.0 and Liferay Portal affected by the Spring Framework Vulnerabilities: CVE-2018-1270, CVE-2018-1271, and CVE-2018-1272? Resolution Impact to Liferay CVE-2018-1270: Liferay...
Disabling the Authentication System and Delegating It to an LDAP Server
legacy How To
By default, the Liferay platform always uses its own authentication system that checks and validates the user password in its own database. Even if you enable LDAP settings and set it...
Defining Encryption Algorithms for Passwords Stored in the Database
legacy How To
By default, Liferay encrypts the passwords that go into the database. The default algorithm is SHA-1 in 6.0 and 6.1 versions, which changed to PBKDF2WithHmacSHA1/160/128000 in version...
Elasticsearch and Liferay Enterprise Search Security Advisory: CVE-2018-3831
legacy
CVE-2018-3831 reports that, "Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings...
Excluding User Groups Not Part of the BaseDN In LDAP Import
legacy How To
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. In older versions of Liferay Portal...
Apache Struts 2 Vulnerability: CVE-2017-9805 and CVE-2017-12611 - REST XStream FreeMarker
legacy
The following Common Vulnerabilities and Exposures (CVE) have been reported for Apache Struts 2: CVE-2017-9805 CVE-2017-12611 CVE-2018-1327 - REST XStream FreeMarker CVE-2018-11776 How are Liferay DXP (both 7.0 and...
JSESSIONID Changes as Part of Liferay Security
legacy
This article documents Liferay's position regarding the Session Identifier (JSESSIONID), including how and why a new JSESSIONID is generated.  Resolution Customers doing their own security scan of the Liferay platform...
Java NPEs in the Console When Refreshing the CAPTCHA Image
legacy Troubleshooting
This article documents a known issue where refreshing the CAPTCHA image causes a Java NullPointerException (NPE) to be triggered. Please note that the CAPTCHA image will still be refreshed. Steps to Reproduce Start the...
Open LDAP setup guide
legacy How To
Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these principles...
WeDeploy Auth Admin Portlet in Liferay DXP 7.0 Fix Packs
legacy Troubleshooting
When deploying Liferay DXP 7.0 Fix Pack 24, 25, 26 or 27, the WeDeploy Auth Admin portlet will appear in the Control Panel. WeDeploy is currently a beta product. The addition of this portlet will have no impact or...
Configuring Theme-Embedded Portlets After Deploying Security-Hotfix-11-6012
legacy How To
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable....
Avoiding Authentication Errors With IE8 and IE9
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When a session of Liferay times-out, an...
Applying Security Update 2012-05-25 requires Tunnel-web
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When...
SAML Comprehensive Quick Start Guide for Liferay Portal
legacy How To
This is a comprehensive article that documents the steps for how to set up SAML on Liferay Portal 6.2 EE. In addition, this article covers the different ways that SAML can be implemented and utilized. SAML (Security...
Configuring Liferay DXP as SP and OKTA as IdP
legacy How To
This article documents the basic steps users need to execute in order to set up their instance of Liferay DXP as SP, and OKTA as IdP. Resolution OKTA Configuration Log in to OKTA and navigate to Admin > Add Application...