Search Results

All Results 437
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
The screen name cannot be an email address or a reserved word
legacy Troubleshooting
Issue When trying to log in with an Active Directory user, sign-in failed with the below error ERROR [http-nio-8080-exec-9][BaseSamlStrutsAction:59] Screen name test@liferay.com for user 34945 must validate...
How to protect against CVE-2022-41853 vulnerability
legacy Troubleshooting
Issue How can I mitigate vulnerability CVE-2022-41853 regarding Liferay DXP?   Environment Liferay Portal 6.2 EE Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3   Resolution CVE-2022-41853 : This...
Liferay Security Scanning
legacy
Issue What procedures does Liferay follow to perform security scanning? Environment Liferay DXP Resolution Liferay uses DAST and SAST tools for scanning. Pen test and manual code reviews are performed as well....
Link doesn't work in Knowledge base when a non-standard protocol is chosen.
legacy Troubleshooting
Issue When adding the notes:// protocol to a link in Knowledge Base, AntiSamy removes it and displays it as text. Environment Liferay DXP 7.2, 7.3 Resolution By default, everything is sanitized by AntiSamy, with 3...
Are Unique Email Addresses Required for Authentication
legacy
Issue Our company has a few external clients whose users have unique screen names, but all share one email address. This is causing various conflicts such as two users being unable to sign in simultaneously. The error...
How to Login after Blacklisting the Sign-In Portlet
legacy Troubleshooting
Issue We Blacklisted the Sign-In Portlet with a third-party authentication application and the admin logins were not synchronized in the process and so now we can no longer access our environment. How can we restore...
Local Liferay Admin Users unable to authenticate when LDAP is Configured on Virtual Instance
legacy How To
Issue When a main Liferay instance and a second virtual instance are both connected to the same LDAP server, local Liferay admin users are unable to log in when the “Required” box is checked. In the case where the LDAP...
SAML IDP is unable to initiate SLO
legacy Troubleshooting
Issue SAML Identity Provider is unable to initiate Single Log Out Notes 1. Set the different virtual hosts as below as an example 127.0.0.1www.bbb.com (For IDP) 127.0.0.1www.sp.com (For SP) 2. Using thetest...
Records are not removed from samlspsession table if the user closes the browser instead of logging out
legacy Troubleshooting
Issue Records are not removed from `samlspsession` table if the user closes the browser instead of logging out. Steps to reproduce: 1. Setup two instances of Liferay to use SAML - one as IDP and one as SP....
Resource and Global scopes tabs are not listing under oAuth2 administration scopes
legacy How To
Issue I not see the Resource and Global Sub-tabs under the Scopes tab on Oauth2 clients (in Control Panel/ OAuth2 Administration) Environment 7.3+ Resolution After https://issues.liferay.com/browse/LPS-105158 the scope...
Can both Liferay and LDAP Password policies be enabled at the same time?
legacy
Issue Is there a way to make both of Liferay and LDAP policies work together, so that users logging via Liferay authentication will be handled by Liferay's password policies and users authenticating...
EU Login via OpenID Connect needs Proof Key for Code Exchange (PKCE)
legacy
Issue I would like to integrate my portal with an EU Login mock server instance via OpenID Connect It does not work since the OpenID connect server needs Proof Key for Code Exchange (PKCE) After configuration, when I am...
LDAP Import Enabled under SAML settings
legacy
Issue What is the actual functionality of LDAP Import Enabledunder SAML settings Environment Liferay DXP 7.2, 7.3, 7.4 SAML Resolution Checking LDAP Import Enabled under SAML settings affects 3 functions:...
Authentication flow in Liferay when LDAP is enabled
legacy
Issue Liferay is configured to use LDAP When Liferay Authentication will happen? When LDAP Authentication will happen? Environment Liferay DXP 7.0 -7.4 Resolution LDAP authentication always happens before...
I would like to control email notifications to Liferay strangers.
legacy How To
Issue How are strangers defined by Liferay? How can I control email notifications to strangers upon signup? Environment DXP 7.3+ Resolution The SAML property defining unknown users as strangers was introduced in DXP 7.3....
How to get rid of SSLHandshakeException?
legacy Troubleshooting
Issue When trying to access the site URL, the console displays the following exception, and the site is inaccessible. javax.net.ssl.SSLHandshakeException: Received fatal alert: handshakefailure...
Need to hide Liferay Auth token as it is visible in Page source
legacy
Issue When using the burp suite tool to intercept traffic, the Liferay Auth token is visible in the Page Source, which could make the environment vulnerable in the user's view. Environment Liferay DXP 7.0+ Resolution...
When logging in with an OpenID Provider, the portal shows "Internal Server Error"
legacy Troubleshooting
Issue When configuring an OpenID Provider and trying to log in with an user, the callback to the portal shows an error message similar to the one below: Internal Server Error An error occurred while...
Is Liferay creating cookies site base?
legacy
Issue Is Liferay creating a cookies site base? If so, where exactly on the Liferay server would all the cookies be physically kept?  Environment Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4...
Users who are not registered with Liferay application are able to log in
legacy Troubleshooting
Issue Users who are not registered with the Liferay application are able to log in even though they have no connections. Environment Liferay DXP 7.0 to 7.4 Resolution Users log into Liferay DXP by using...
Lodash Security Vulnerability
legacy Troubleshooting
Issue In Liferay, a vulnerable version of Lodash 4.17.14 is being used. Environment Liferay DXP 7.0 Resolution The observed behavior is a known issue LPE-17236 and has already been fixed in the latest fix...
SSO at site level
legacy
Issue Is there any OOTB option to configure SAML for two sites on the same instance? Whether creating a new instance for a site would help to configure SAML? Environment Liferay DXP 7.2 Liferay DXP 7.3...
Enabling information about server errors in the JSON response
legacy Troubleshooting
Issue There is no error messages from api json services. How to manage the serialization and access to  Json services In Liferay Portal 6.2 or DXP7.0 the server response is serialized and shows information related...
Use Custom certificate and Let's encrypt at same time in different domains
legacy How To
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue We need to have some domains with custom certificates and...
Failed to verify signature and/or establish trust using any KeyInfo-derived credentials
legacy Troubleshooting
Issue SAML has abruptly stopped working, and no user can log in. The Liferay console contains the following errors: DEBUG [ajp-nio-172.1.129.26-8080-exec-351][BaseSignatureTrustEngine:200] Attempting to establish...
Does CVE-2022-34305 affect Liferay?
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
Portal prints error stacktrace on the browser, disclosing technical information
legacy Troubleshooting
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue When navigating some incorrectly crafted URLs...
Error message is not displayed when an error occurs in JSONWS
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
Unable to send message: 554 X.X.XXX SendAsDenied
legacy Troubleshooting
Issue When sending emails, the error "unable to send message: 554 X.X.XXX SendAsDenied" occurs. Steps to reproduce: 1. Configure the outlook mail server to send email notifications in Liferay 2. Sometimes, the...
JSESSIONID not secure by default
legacy Troubleshooting
Issue The JSESSIONID cookie that comes with Liferay requests in the browser is not secure by default when inspected in the browser. Environment Liferay DXP 7.3 Resolution Set the JSESSIONID in web.xml...
Could not connect to the SMTP host exceptions
legacy Troubleshooting
Issue When sending emails, the error "unable to send message: Could not connect to SMTP host: smtp.office365.com, port: 587" occurs. Steps to reproduce: 1. Configure the outlook mail server to send email...
Can Liferay be affected by the IceApple framework?
legacy
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue CrowdStrike’s Falcon Overwatch has discovered a...
How to Update Webserver Credentials
legacy How To
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue I would like to change my webserver login credentials....
OAuth 2.0 with Kerberos
legacy Troubleshooting
Issue You might encounter an issue where after the SSO setup, you start having problems with OAuth 2.0 and the call to /o/oauth2/token is failing with a "401 Unauthorized error". Also if you use Apache you might...
How to protect the portal against Bootstrap: CVE-2019-8331 vulnerability
legacy How To
Issue Liferay 7.0 uses a Bootstrap versión that has this vulnerability: CVE-2019-8331 - XSS is possible in the tooltip or popover data-template attribute. Bootstrap issue 20184 - XSS in data-target attribute....
InvalidNameIDPolicy errors
legacy Troubleshooting
Issue The following error occurs while configuring Liferay as SP and ADFS as Idp. At Liferay
Signed SAML response
legacy How To
Issue How can the signed response, which is required by ADFS to complete authentication at the Liferay end, be clarified? Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Resolution...
"Content security policy" header is not available in the application response
legacy
Issue The "Content security policy" header is not available in the application response. How to add or enable the CSP? Environment Liferay DXP 7.3 Resolution Liferay doesn't directly support the CSP as there are no...
Impact of Spring4Shell and Spring Cloud Security Advisory on other libraries related to Spring
legacy
Issue There previously was a Security Advisory regarding a vulnerability for the Spring4Shell and Spring Cloud libraries. These vulnerabilities are detailed in this article here:  Spring4Shell and Spring Cloud Security...
Version of spring-** jars after installing a hotfix
legacy
Issue To address the Spring4Shell vulnerabilities, the patched version of spring-beans.jar should be in its manifest file after the hotfix installation, is spring-webmvc.jar included in this? Environment Liferay...