Search Results

Issue The Forget Password form can be re-submitted with different cookies which lead to the CSRF issue. Environment Liferay DXP 7.2 Resolution This is considered as a False Positive, as the user is not logged into Liferay when accessing the Forget password page. CSRF is meant to protect...

Issue Page version control information is accessible in sitemap.xml - such information shall not be exposed for security reasons. Reproduction: 1) Start up bundle 2) Access sitemap (e.g. http://localhost:8080/sitemap.xml) 3) From the site map, open one of the URLs within <loc>...

Issue Changing password invalidates current sessions and the users have to log in again. 2020-02-07 13:08:37.558 ERROR [http-nio-8080-exec-2][PortletServlet:112] javax.portlet.PortletException: java.lang.IllegalStateException: getAttribute: Session already invalidated Environment Liferay...

Issue By replacing the sessionId of a logged-in user, the user's session from another browser is replicated. Steps to reproduce Create 2 users like u1, u2 Assign the role for the u1 as "Power user", u2 as "Portal Content Reviewer" Create 2 pages like Page1, Page2 Click on the permission...

Issue How to integrate the SiteMinder SSO with Liferay Environment Liferay DXP 7.0 Resolution By default, Token based authentication is disabled in the Liferay. To manage the same, refer to this document Token-based Single Sign-On Authentication which describes the Token SSO...

Issue Using Active directory, after changing the user password, still, a user is able to login using the old password Environment Liferay portal 6.2  Resolution Under Control Panel -> Portal Settings -> Authentication -> LDAP, if the "required" checkbox is not selected then the expected...

Issue Getting a 404 error when downloading module "com.liferay.saml.opensaml.integration" from Release Notes page. Environment Liferay DXP 7.2 Resolution The module for  "com.liferay.saml.opensaml.integration" can be found on Marketplace. Please download SAML 2.0 from Liferay Marketplace...

Liferay Support does not recommend or endorse specific third-party products over others. The information provided about products not created by Liferay is for reference purposes only, and any implementation of these principles will be at your team's discretion. Issue After the creation...

Issue  When trying to download modules like "com.liferay.saml.opensaml.integration" from Liferay DXP Release Notes page, the download link can not be opened with a 404 error. Environment Liferay DXP 7.2 Resolution Modules like "com.liferay.saml.opensaml.integration" is included...

Issue Is Liferay Product affected by OpenSSL security issue CVE-2020-1967 ? Environment Liferay DXP 7.1 Resolution Since Liferay products do not come with OpenSSL built-in, Liferay is not affected by CVE-2020-1967 out of the box. If you have implemented OpenSSL into your project, your...

Issue When a F5 load balancer is in front of Liferay and is forcing a secure protocol, no administrative options can be selected and accessed. On Liferay the following options are configured on the portal-ext.properties web.server.https.port = 443 web.server.host = [A host is specified...

Issue After adding an Iframe to a Liferay page and set the Source URL of that Iframe to e.g. /web/guest/page2, Liferay will redirect to /web/guest/page2 when logging in through the Welcome homepage. Environment Liferay Portal 6.2 Liferay DXP 7.0+ Resolution The above has to be considered...

Issue If there's a web server in front of Liferay, when clicking on the Authorize button to authorize OAuth2 applications HTTP is used instead of HTTPS and the following WARNs are displayed in the log. 2019-11-08 09:37:05.000 WARN [http-nio-8080-exec-63][AbstractOAuthService:88] Unsecure...

Issue Is it possible to set different Authentication methods for different sites in the same portal instance? Environment Liferay DXP 7.2 Resolution Currently, it is not possible to use different authentication methods for different Sites in one Portal Instance on Liferay DXP 7.2. The...

Issue For any virtual instances apart from a default instance, if the "Required" option in LDAP is enabled, only LDAP users can log in to the portal. When the LDAP server is down/unreachable, none of the users able to log in. In that case, how to login to the portal to make the changes...

Issue What is the reason behind the following error which is thrown in the logs? [LDAPAuth:198] Failed to bind to the LDAP server with userDN CN=VERMA BRIJESH KUMAR (MR.),OU=USERS,OU=RND,DC=DS,DC=INDIANOIL,DC=IN and password Me4Sharom@15012020 javax.naming.AuthenticationException: [LDAP:...

Issue I am an Administrator in Liferay DXP Someone deleted an asset (for example an Organization) I check the events in the Audit app (Control Panel > Configuration > Audit) I open the delete event I can only see the Resource ID of the Organization but not its name Since it was removed...

Issue Updated (May 31, 2021): The behavior is enabled by default since Chrome 84. Updated (April 3, 2020): Chrome is Temporarily rolling back SameSite Cookie Changes Updated (June 12, 2020): Added information about the fixed versions of the SAML 2.0 connector. With the release of Chrome...

Issue The following headers are missing in Liferay: Missing ”X-Content-Type-Options” header  Missing ”X-XSS Protection” header  Missing ”X-Frame-Options” header Missing ”Content-Security-Policy” header Missing ”Strict-Transport-Security” header  Missing cross-origin resource...

Issue How to disable/stop using DES as it possesses Security Threat.  Environment Liferay DXP 7.0 Resolution Encryption keys can be used at Liferay end are:  # For more details about encryption keys, see the Java Cryptography     # Extension documentation.     #    ...