Search Results

All Results 433
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Applying Security Update 2012-05-25 requires Tunnel-web
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When...
Configuring Liferay DXP as SP and OKTA as IdP
legacy How To
This article documents the basic steps users need to execute in order to set up their instance of Liferay DXP as SP, and OKTA as IdP. Resolution OKTA Configuration Log in to OKTA and navigate to Admin > Add Application...
Is there a release date for implementing the Content Security Policy (CSP) at Liferay?
legacy
Issue If CSP is in beta mode, how is Liferay protecting its system from vulnerability? Is there a timescale for when the CSP will be fully deployed in the portal? Once the CSP has been successfully implemented,...
Getting BadPaddingException errors in the logs after an upgrade
legacy Troubleshooting
Issue After upgrading Liferay DXP, javax.crypto.BadPaddingException errors appear in the logs when using 'Auto Login' feature ('Remember me'). Example error message: ERROR [AutoLoginFilter:247] Current URL /home...
"http://localhost:8080/o/oauth2/authorize" URL redirect to the Login Page
legacy Troubleshooting
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue When accessing the OAuth2 authorization URL...
Unexpected SAML calls: com.liferay.saml.internal.servlet.filter.SpSessionTerminationSamlPortalFilter.doProcessFilter
legacy Troubleshooting
Issue When navigating through the portal with SAML disabled, there are a few SAML-related filters that are still being processed, leading to database calls and causing slower performance. at...
Is Liferay vulnerable to CVE-2024-38819: SpringFramework (spring-core-5.3.39)?
legacy
Issue CVE-2024-38819: Path traversal vulnerability in functional web frameworks (2nd report) is related to the usage of WebMvc.jar. Is Liferay vulnerable to this vulnerability? Environment Liferay DXP 7.3...
SAML Logout Issues: Multiple Login Entries and Optimistic Locking Exceptions
legacy Troubleshooting
Issue When a user logs out after authenticating via SAML, multiple login entries might be recorded in the audit logs. This can lead to HibernateOptimisticLockingException errors, particularly during...
LIFERAY.HEADLESS.DELIVERY scope missing or delayed in OAuth 2 applications
legacy Troubleshooting
Issue The LIFERAY.HEADLESS.DELIVERY scope is missing or delayed in appearing when creating or managing OAuth 2 applications. The issue can occur intermittently, with the scope sometimes appearing after a delay of...
User did not provide a valid CSRF token Error
Troubleshooting
Issue Portlet Action requests intermittently returning a 403 error code. In the logs the following error message regarding invalid CSRF token gets printed whenever the 403 error is thrown. "User [user_id] did not provide...
Email Address Validation for Forgot Password
Issue The Forgot Password option does not validate if the user enters a correct email address. You can enter anything and the field will accept it. Two types of validation are expected: Email format validation (to...
CORS request is failing
legacy Troubleshooting
Issue If the user allows any origin (Access-Control-Allow-Origin: *) to access the resource, the CORS request fails. Steps to reproduce: 1. Start Liferay DXP 7.4 U90 2. Navigate to Control Panel > Instance...
Vulnerabilities for spring-web and spring-core
legacy
Issue Vulnerabilities remain unresolved in spring-web and spring-core, even after a fix was applied to spring-context. For spring-web: Vulnerable component: org.springframework:spring-web:5.3.39 For spring-core:...
Audit Events filtered by date/time are not being exported accurately
legacy Troubleshooting
Issue When using using the Audit Export Feature, filters for date and time are not applied accurately in the resulting CSV file. The exported file may not include entries explicitly requested by the filter. For...
I want to skip OpenID Connect provider selector at sign in if there is only one provider
legacy Troubleshooting
Issue We want to bypass the client selection screen because there is only one OpenID Client to choose.   Environment Quarterly Releases   Resolution There is a Feature Request opened for this which is currently under...
Link doesn't work in Knowledge base when a non-standard protocol is chosen.
legacy Troubleshooting
Issue When adding the notes:// protocol to a link in Knowledge Base, AntiSamy removes it and displays it as text. Environment Liferay DXP 7.2, 7.3 Resolution By default, everything is sanitized by AntiSamy, with 3...
Are Unique Email Addresses Required for Authentication
legacy
Issue Our company has a few external clients whose users have unique screen names, but all share one email address. This is causing various conflicts such as two users being unable to sign in simultaneously. The error...
The screen name cannot be an email address or a reserved word
legacy Troubleshooting
Issue When trying to log in with an Active Directory user, sign-in failed with the below error ERROR [http-nio-8080-exec-9][BaseSamlStrutsAction:59] Screen name test@liferay.com for user 34945 must validate...
How to protect against CVE-2022-41853 vulnerability
legacy Troubleshooting
Issue How can I mitigate vulnerability CVE-2022-41853 regarding Liferay DXP?   Environment Liferay Portal 6.2 EE Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3   Resolution CVE-2022-41853 : This...
Liferay Security Scanning
legacy
Issue What procedures does Liferay follow to perform security scanning? Environment Liferay DXP Resolution Liferay uses DAST and SAST tools for scanning. Pen test and manual code reviews are performed as well....