Search Results

All Results 437
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
The'redirect.url.domains.allowed' property somehow doesn't restrict redirection
legacy Troubleshooting
Issue Even when the 'redirect.url.domains.allowed' property is set, some redirects occur. Steps to reproduce: 1) Set the following properties in the portal-ext.properties file. redirect.url.security.mode=domain...
Known vulnereabilities in jackson-databind-2.9.6
legacy Troubleshooting
Issue apio-architect-impl has a dependency of jackson-databind-2.9.6 which has the following known vulnerabilities: CVE-2018-19362 CVE-2018-19361 CVE-2018-19360 CVE-2018-14721 CVE-2018-14720 CVE-2018-14719...
Apache Log4j 1.x has reached its end-of-life
legacy
Issue Log4j 1.x has reached end-of-life status: https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces Environment Liferay DXP 7.0  Liferay DXP 7.1 Liferay DXP 7.2  Liferay DXP 7.3 ...
CVE-2022-23305, CVE-2022-23307, and CVE-2017-5645
legacy Troubleshooting
Issue This article outlines the concerns of CVE-2022-23305, CVE-2022-23307, and CVE-2017-5645 vulnerabilities with respect to the Liferay DXP Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP...
javax.portlet.PortletException: java.lang.IllegalStateException: getAttribute: Session already invalidated error
legacy
Issue Why does this error gets triggered? What would be the cause? INFO  [http-nio-8080-exec-2573][CustomLoginPortlet:726] url redirect = https://xxxx/group/yyyy ERROR [http-nio-8080-exec-2573][PortletServlet:112]...
Error when configuring SAML in a clustered environment for the first time
legacy Troubleshooting
Issue When configuring SAML in a clustered environment and entering the configuration Idp connection an error is shown: java.lang.RuntimeException: java.lang.NullPointerException at...
Browser console error : The connection used to load resources from https://www.xxx.yyyy used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future
legacy Troubleshooting
Issue Browser console error as "The connection used to load resources from https://www.xxx.yyyy used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented...
Getting mixed content on the portal
legacy Troubleshooting
Issue After enabling SSL and routing the domain, getting mixed content on the portal that is the pages in the https://www.abc.in referring the http://www.abc.in for the stylesheet, javascript, and henceforth....
Force Basic and Force Digest Auth option are not honored
legacy Troubleshooting
Issue Steps to reproduce: Configure Digest Authentication: System Settings > API Authentication > Digest Authentication: Force Digest Authentication: True Enabled: True Hosts Allowed: n/a URLs Excludes: n/a URLs...
Error signing via SAML: com.liferay.saml.runtime.exception.AudienceException: Unable verify audience
legacy Troubleshooting
Issue Liferay is configured as a SAML Service Provider. When trying to sign in to Liferay it is not possible and the following error is shown in the logs: 2022-01-20 11:50:38.554 ERROR [default...
Session logs out intermittently after being redirected by the payment link
legacy Troubleshooting
Issue After being redirected by the payment link, the session logs out. Steps to reproduce : 1. Login in Liferay. 2. Call the API in Postman. Request parameters are attached (SSL Commerz Request Parameters.txt)...
Unable to bind to the LDAP server javax.naming.CommunicationException: [Root exception is java.lang.ClassNotFoundException: javax.net.ssl.SSLSocketFactory cannot be found by com.liferay.saml.web_
legacy Troubleshooting
Issue During the time of portal login using the LDAP users, the user('s) are able to log in successfully, LDAP connections have an active connection but observed the below warnings in the Liferay log.  2021-12-17...
SAML Authentication Issue: Message context was not authenticated when Azure AD as IDP
legacy Troubleshooting
Issue After enabling the SAML, when the user is trying to log in, authentication failed with the following message. ERROR [http-nio-8080-exec-36][BaseSamlStrutsAction:59]...
Can Multi-Factor Authentication (MFA) be set for specific roles only?
legacy
Issue We want to set up MFA for Administrators only. Is this possible with Liferay out-of-the-box? Can we target specific users to sign in using multi-factor authentication? Environment DXP 7.4 DXP 7.3 DXP 7.2  ...
URL length modification / restriction
legacy
Issue Sometimes we need to modify or restrict the length or URL Liferay generates ( for example for security custom solutions ) but Liferay has no out of the box solution for that. Environment DXP 7.2...
How to enable CSRF Token in Liferay?
legacy
Issue How to enable CSRF Token in order to prevent CSRF attacks in Liferay? Environment Liferay DXP 7.2 Resolution Liferay's p_auth token protects against CSRF and is enabled by default. Here is the main...
Change the GUEST_LANGUAGE_ID cookie to expire Null
legacy Troubleshooting
Issue The Guest language ID cookie in Liferay has a one-year expiration, whereas the undefined cookie in the F5 balancer caused the conflict. Is there a way to modify the Cookie's duration in Liferay? Environment...
dtSa cookies containing special characters
legacy
Issue As dtsa cookies are detected, are these cookies URLs cause for concern? Is there any information concerning these cookies in relation to Liferay? Use Case: As Liferay generated dtSa cookies contain the...
How to configure the default timeout value to any value instead of having it capped at 500ms
legacy
Issue The default library timeout until Liferay DXP 7.2 fix pack dxp-3 is 250ms. The default library timeout since Liferay DXP 7.2 fix pack dxp-4 is 500ms.  Use Case: The user would like to be able to set/configure...
Liferay as SAML SP fails after switching the URL of the virtual instance
legacy Troubleshooting
Issue SAML configuration hasn't been working since the virtual host of the portal instance changed. Caused by: org.opensaml.ws.security.SecurityPolicyException: Request was required to be secured but was not...
How to prevent an AD user from logging into Liferay using the old password if LDAP authentication cannot set to be required
legacy Troubleshooting
Issue After the user changes the password in Microsoft Active Directory (AD), the user can still log into Liferay using the old password. If enabling "Required" option, the issue can be resolved. But users created manually...
How can the p_auth authorization token be generated?
legacy
Issue Liferay protects itself against CSRF attacks by generating the p_auth authorization token. How can this token be created? Environment DXP 7.0, 7.1, 7.2, 7.3 Resolution When "auth.token.check.enabled=true" is set in...
Automated process to remove users from Liferay that are no longer in LDAP?
legacy How To
Issue Is there a way to automatically remove users from Liferay who are no longer in LDAP? Environment Liferay DXP 7.1 Resolution There's no automated process to do this out of the box. However, a feature request...
Cross Site Scripting Vulnerability report on refererPlid or other parameters
legacy
Issue During a penetration test, a Cross Site Scripting Vulnerability may be reported, indicating that you can inject a script into the refererPlid parameter or into the...
When resetting a password, duplicate error messages appear
legacy Troubleshooting
Issue Duplicate error messages show up when resetting the password Steps to reproduce: 1. Start and set up Liferay DXP 7.3 SP1 using the setup wizard. The email can be set as test@liferay.com and the password as a...
The behavior of bypassing SAML SSO has changed
legacy Troubleshooting
Issue There is a use case in which a subset of users are meant to bypass SAML SSO and login directly to the Liferay SP. On Liferay 7.2 dxp-8, users successfully used the following URL to achieve this:...
How to resolve users being unable to log out after configuring a Token-Based SSO
legacy Troubleshooting
Issue After configuring and enabling a Token Based SSO in our 7.2 environment (upgraded from 7.0), users are now unable to log out, and they are instead redirected to the home page (still logged in). In our 7.0...
CVE-2021-27568 json-smart v2 through v2.4
legacy Troubleshooting
Issue Steps to Reproduce: The json-smart.jar's can be found here:...
How to Configure Liferay DXP with Multiple IdPs (OKTA via SAML and OIDC)
legacy How To
This article documents the way to configure Liferay DXP 7.x as a Service Provider working with two SSO protocols (Okta using SAML 2.0 and Google OpenID Connect). The basic configuration can be achieved within Liferay out of...
How to kill the session on browser (tab or window) close?
legacy Troubleshooting
Issue The user session should be terminated immediately if they close the browser tab or window. Environment DXP 7.0 + Resolution Liferay maintains the session of 30 minutes by default and Liferay doesn't provide any...
Reset Connection option is missing on the License page in DXP 7.3
legacy Troubleshooting
Issue The reset connection option is missing on the License page in DXP 7.3 which is available on the previous releases. Environment Liferay DXP 7.3 GA1 Resolution This is a known limitation of the product that might...
Disable password verification for SSO users
legacy How To
Issue When changing the screen name or email address of a user, the portal now requires a password verification. This was not a requirement for previous versions of Liferay. Environment DXP 7.3+ Resolution This is a...
I cannot create new Virtual Instance with error Screen name must not be null
legacy Troubleshooting
Issue When I try to create a new Virtual Instance, the portal displays the error "Your request failed to complete". The portal log shows the following error: ERROR [default...
Importing LDAP settings through osgi/config files does not import password
legacy
Issue LDAP settings can be imported into the Liferay environment using osgi/config files These settings are imported into System Settings, and can then be configured for an individual instance in Instance Settings When...
Content-Security-Policy Header Integration
legacy
Issue How can a CSP (content security policy) HTTP header that enables only specific external resources to be loaded in the frontend be implemented? Environment Liferay DXP 7.2 Resolution CSP is not currently...
HTTP Strict Transport Security (HSTS) Header Not Used
legacy How To
Issue The HSTS header cannot completely defend against man-in-the-middle attacks. However, it can be useful in defending against an attack in which an attacker establishes an encrypted connection to the application and...
Verbose Error Messages
legacy How To
Issue The name of the technologies used, such as Apache Coyote, Tomcat, etc. are visible. Environment Liferay DXP 7.2, DXP 7.3 Resolution  Each application is responsible for allowing its information to be displayed...
Known Vulnerabilities with Liferay AntiSamy
legacy Troubleshooting
The following issue may compromise the security of your Liferay Digital Experience Platform implementation.  Vulnerability Information The Liferay AntiSamy app depends on third party libraries that have known...
Avoid or allow that some applications can be dynamically displayed in a page
legacy How To
Issue The permissions system for an application (portlet) includes a security check when the application is going to be displayed in a page. Normally, the users should not be able to see applications if the...
Replacing NTLM SSO with Kerberos in Liferay Portal 6.2
legacy How To
Issue NTLM SSO protocol has some vulnerabilities addressed by Microsoft in CVE-2020-1472 (external link), forcing to use the secure RPC connection. See also How to manage the changes in Netlogon secure channel...
Unable to upload file bigger than 10MB with ClamAVSizeLimitException after enabling Antivirus
legacy Troubleshooting
Issue Unable to upload a file bigger than 10MB after enabling antivirus with the following error in the log 2021-07-19 08:35:43.476 ERROR [http-nio-8080-exec-9][PortletServlet:119] javax.portlet.PortletException:...
Known Vulnerabilities with Liferay Fjord Theme and 1975 London Theme
legacy Troubleshooting
The following issue may compromise the security of your Liferay Digital Experience Platform implementation.  Vulnerability Information The Liferay Fjord Theme and Liferay 1975 London Theme depend on third party...
How can we get a complete picture of a user's activity history?
legacy How To
Issue Is there a way to find out how and by whom a user was created? Environment Liferay DXP 7.2 Resolution The steps below can be used to track user activity. Log in by 'Test' user (Admin User) Create a new user...
How to set up a Mail Server with DXP to receive email notifications?
legacy How To
Issue This article outlines how to set up a Mail Server and SMTP in Liferay DXP to receive emails. Environment Liferay DXP 7.3 Resolution Liferay DXP uses a mail server and SMTP to get email notifications. Liferay...
NTLM and NTLMv2 in Liferay Portal 6.2
legacy
Issue The question is whether Liferay Portal 6.2 supports NTLM and NTLMv2 Environment Liferay Portal 6.2 Resolution The library used in Liferay Portal 6.2 supports both NTLM and NTLMv2 There is a property that can...
Session Management in Liferay
legacy
Issue How the sessions are managed in Liferay and what are all the different types to configure the same. Also, whether the Liferay session work for the javascript disabled browsers? Environment Liferay DXP...
Is functionality impacted when upgrading to Bootstrap 5 in portal 6.2 ? Is it supported ?
legacy
Issue Requirement is to upgrade the Bootstrap library.  Is functionality impacted when upgrading to Bootstrap 5 in portal 6.2 ?  Is Liferay portal 6.2 compatible with Bootstrap 5? Is it supported ? Environment...
Forgot Password is not popped up with an error when providing an email address that doesn't exist in the DB
legacy
Issue In the 'Forgot Password' option, while trying to provide an email id that doesn't exist in the database, the user can proceed to answer the security question. Whereas an error is not popped up saying the user's...
Is there a way to allow upper cases in a screen name?
legacy
Issue Is there any way to ensure that a user's screen name maintains the same capitalization that is present in the AD (Active Directory) when the user is imported into Liferay? Environment Liferay DXP 7.2...
Any user who has not securely logged out will have their session terminated?
legacy
Issue Terminating the session of any user who has not properly logged out, for example, who has unexpectedly closed the transaction window, etc. This user does not have to wait for the default time-out to be...
Password verification needed at time of changing user screen name & email address
legacy
Issue Password verification is required whenever a user needs to update its screen name or email address Environment Liferay DXP 7.3 Resolution A feature request has been already created in order to add a toggle for...
When Setting Okta up as an SSO for Liferay PaaS, how can I generate IdP metadata in Okta without first having SP metadata?
legacy Troubleshooting
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue The documentation for setting up an SSO with Liferay PaaS...
Does the Encryption Key that is generated per company id for the Liferay Installation ever change?
legacy
Issue Does the Encryption Key that is generated per company id for the Liferay Installation ever change? Environment Liferay 7.2 Resolution The following portal properties will alter the encryption key for a Liferay...
How to create Custom attribute in MS Active Directory and configure in Liferay
legacy How To
Issue Is there any way to map a custom attribute in Liferay created from MS Active Directory? Environment Liferay Portal 6.2 Resolution Liferay provides an OOTB option to achieve the custom attribute...
Externalize Session Management
legacy
Issue  The session details should be stored in a centralized server so that it is shared with all the available nodes. Environment Liferay Portal 6.2 Resolution This is a specific business requirement that falls beyond...
Disable Admin password reset email notifications
legacy
Issue The user should not receive the email notification for the password change. Environment Liferay DXP 7.0 Resolution The requirement is not available out of the box in Liferay. If you want to achieve this...
How to configure liferay to invoke web services with Digest Auth
legacy How To
Issue How to configure Liferay to invoke web services with Digest Auth and use it in a client. As example we'll use POSTMAN Environment Liferay DXP 7.1+ Resolution As example, we are going to configure the access to...
OpenID Connect does not work with Azure AD B2C
legacy Troubleshooting
Please note that this Fast Track applies to versions before our Quarterly Release 2024.Q1. From Quarterly Release 2024.Q1 on, this function is enabled as described in LPD-9397. Please...
How do I add Captcha in Sign in Portlet?
legacy
Issue I would like to add Captcha in Sign in Portlet, as I can do in Create Account and Forgot Password options. Environment DXP 7.3 Resolution Unfortunately, there is no out-of-the-box feature to enable Captcha...
How to Setup HTTPS on Tomcat for Liferay Portal 6.2 and DXP 7.0
legacy How To
Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products....