Search Results

All Results 437
Is it Possible to Require an Administrator to Enter Their Password When Changing a User's Password?
Issue When I want to update a user's password as an administrator, the system does not require me to re-enter my own password for authentication. This is inconsistent with other actions, such as updating a screen...
Web Content Templates cache Absolute image URLs, not Relative URLs
Issue The templates cache absolute image URLs instead of relative URLs. Environment 2024.Q1.12, 2024.Q1.18 Resolution Upgrade to 2024.Q2.0+ or Request a hotfix with LPD-23196...
Does Liferay have an Attestation of Compliance to be PCI certified?
Issue We are in the process of reviewing application compliance and want to know if Liferay has an attestation of compliance (related to PCI), specifically the Payment Card Industry Data Security Standard? Environment...
Password Reset Link Immediately Shows as 'No Longer Valid'
Issue When a user requests a password reset, the link in the notification email leads to an error page stating, "Your password reset link is no longer valid." This occurs even if the link is clicked immediately...
StaleStateException Error During Startup with OpenID Connect Configuration
Issue During a Liferay DXP startup, the following error message appears in the logs, related to OpenID Connect provider configuration: ERROR [...][BatchingBatch:139] HHH000315: Exception executing batch...
Workflow Task URL for Unauthorized User Returns 404 Instead of Login Page
Issue When an unauthorized user attempts to access a workflow task URL, they are shown a 404 error page instead of being redirected to the login page. This issue specifically occurs when the URL follows the...
OAuth2 Token sometimes gets 401 response
Issue Sometimes users are unable to log in because their OAuth2 tokens receive a 401 "Unauthorized" response. This seems to happen randomly, and the tokens should be valid. Environment Liferay DXP Resolution...
Despite the fix "Relay state exceeds 80 bytes" error and redirections to IDP
Issue Despite the fix "Relay state exceeds 80 bytes" error and redirections to IDP. We found this article and had a hotfix with LPS-76246. We found that the fix is not applied correctly. Environment Liferay DXP 7.3...
Time-Based Authenticator QR Code Not Populating
Issue When trying to set up the QR Code for MFA settings, following this documentation Multi-Factor Authentication Checkers, we've found that the QR code doesn't populate. It should be populating under "Shared...
Node.js Version for Client Extension Development and Handling Security Vulnerabilities
Issue When developing client extensions with React for Liferay DXP 2024.Q4 or newer, what is the recommended Node.js version? The official compatibility matrix suggests Node.js version 20.12.2, but this version...
Logging to application always taking to home page instead of request url
Issue We are encountering an issue where users are consistently redirected to the application's homepage immediately following SAML authentication, even when an alternative page was initially requested. Environment...
B2C SSO Configuration with OpenID Connect Not Working
Issue Setting up Business-to-Consumer (B2C) single sign-on (SSO) configuration with Liferay using OpenID Connect (OIDC) in Azure AD B2C is not working as expected. After enabling OpenID under Instance Settings in...
Is Liferay affected by CVE-2024-6783?
Issue After performing a security scan, a Vue.js vulnerability reported as CVE-2024-6783 is identified. Environment Liferay DXP 7.4 - Quarterly Releases Resolution Liferay is not impacted by CVE-2024-6783 as Liferay DXP...
Application Accept Special Characters in Input Fields
Issue The application accepts special characters in input fields. Ex: " ' ` * ; % _ = & | \ ? ~ < > ^ () [] {} $ \n\ Steps to Reproduce: 1. Start Liferay server. 2. Navigate to the user’s profile. 3. Click on...
Liferay Marketplace App Manager Web XSS Vulnerability (CVE-2025-4388)
Issue A reflected cross-site scripting (XSS) vulnerability (CVE-2025-4388) in /o/marketplace-app-manager-web/icon.jsp allows a remote non-authenticated attacker to inject JavaScript into the...
Step-by-Step SAML Integration with Liferay and Keycloak
Issue Is Keycloak supported with Liferay? If yes, how can SAML be configured with Liferay? Environment Liferay DXP [All versions] Resolution As per Liferay’s official compatibility matrix, Keycloak is not listed as a...
I received the following error in the log: Feature flag LPD-10588 is not available for company 0
Issue After upgrading to 2025.q1.6-lts, I received the following error in the log: Feature flag LPD-10588 is not available for company 0 Environment Liferay Quarterly Release 2025.q1.6-lts Resolution The case has been...
Re-enabling Basic Authentication when Unable to Access the DXP Control Panel
Issue My Basic Authentication was disabled at the Instance Level, and now I am unable to access the DXP Portal because of it. How do I re-enable Basic Authentication without logging in?   Environment Quarterly...
Callback URL of OAuth2 application created via client extension resets after server restart
Issue After restarting the server, the callback URL for OAuth2 applications created via client extensions gets reset to the default @protocol@://localhost@port-with-colon@/o/oauth2/redirect, instead of the...
Cross-Site Scripting: Reflected
Issue A Cross-Site Scripting (XSS) vulnerability was detected in the web application. Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information, that is not...
Authenticated users with no permission to access Control Panel can navigate to /control_panel/manage with the message: Please select a tool from the left menu.
Issue I have an issue with authenticated users who do not have privilege to access the Control Panel. A user with no specific role (Only User role), when navigating to /control_panel/manage gets redirected to a page...
Changes to Site Templates are not propagated to pages
Issue Changes made to a site template are not propagated to the pages that use the template. We can see the next error in the server log: [LayoutSetPrototypeMergeBackgroundTaskExecutor:219] Merge fail count...
Organization's users exposed in UI when modifying groupID in Request Body
Issue An organization's member list can be seen by manipulating the role member assign(groupID) in a request. Here are the steps to reproduce: Setup browser proxy to 127.0.0.1:8180. For example with Chrome, navigate to...
Is Liferay Affected by CVE-2025-29927?
Issue Is Liferay affected by vulnerability CVE-2025-29927?   Environment Liferay DXP Quarterly Releases   Resolution The vulnerability CVE-2025-29927 is related to Next.js, a technology not used by Liferay as a...
Property "redirect.url.security.mode" has invalid value: domain,domain
Issue After setting the property redirect.url.security.mode=domain we are now seeing WARN messages such as Property "redirect.url.security.mode" has invalid value: domain,domain Environment Liferay DXP Resolution Please...
Security scan detected a "Reference to Windows file path is present in HTML"
Issue Our security scan detected a "Reference to Windows file path is present in HTML" in the following URL:...
Audit portlet only available for Administrators
Issue After upgrading to U78+ you might encounter a behavior where the Audit portlet is only available for Administrators, whereas before U78 you could create a regular role with access to it. The reason behind this...
Can we set different instance configurations on sites?
Issue Can we have different instance level settings like One-Time-Password or Multi-Factor Authentication configurations applied on different sites in the same virtual instance? Environment DXP 7.3+ Resolution The...
How to configure email sender and email logging for Multi-Factor Authentication?
Issue I would like to understand where sender email address for Multi-Factor Authentication comes from. I would like to set the log levels so I can see when emails are sent. Environment Liferay DXP 7.4 Resolution Set...
"Unable to extend the HTTP session" WARN logs
Issue These warnings are frequently found in the logs:  Unable to extend the HTTP session. or Unable to extend the HTTP session. Review the portal property "session.timeout" if this warning is displayed...
Session lost on page redirect using POST method when request header is SameSite=LAX
Issue The problem is happening when using POST method to receive data from another portal on a different domain, which is considered unsafe when request header is SameSite=LAX, that is because if this header is not...
Is it possible to add additional columns to the CSV Log Message Formatter system setting?
Issue While looking into configuring CSV Log Auditing for an environment, our team noticed that the CSV Log Message Formatter system setting (within System Settings > Audit) has +/- buttons to add/remove columns. Is...
HttpOnly flag in JSESSIONID cookie using JBOSS application server
Issue JSESSIONID cookie does not contain the HttpOnly flag. Environment Liferay Portal 6.2 JBOSS Resolution You need to change it on your application server configuration, in the...
Existing users password encryption algorithm is not updated on password reset
Issue The password encryption algorithm of existing users is not being updated after doing a password reset. Environment DXP 7.4 Resolution To resolve this behavior, open a help center ticket to request a hotfix...
Special characters which are used for XSS can be saved as an input without any warning
Issue Characters such as <, >, /, (, ), ", ' which can be used to make scripts, used in HTML and JavaScript are valid to use in the portal as inputs and values, and it can raise security questions. The use of these...
Is there a limit to the number of IdPs registered?
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us....
Search in Control Panel > Audit makes long URL
Issue A search in Control Panel > Security > Audit always sends empty search parameters in the GET URL. As a result, URLs are very long and can be blocked by firewall-infrastructure. Steps to reproduce: Navigate to...
Detected vulnerabilities related to Jettison
Issue A security scan has picked up the following vulnerabilities related to jettison-1.x.x jar: CVE-2022-40150 & CVE-2022-40149. This jar is found in marketplace\Liferay Foundation - Liferay Portal Remote -...
Behavior when a session expires while posting on the bulletin board
Issue...
How to change the number of digits in the CSRF token parameter "p_auth"
Issue...
The screen name cannot be an email address or a reserved word
Issue When trying to log in with an Active Directory user, sign-in failed with the below error ERROR [http-nio-8080-exec-9][BaseSamlStrutsAction:59] Screen name test@liferay.com for user 34945 must validate...
How to protect against CVE-2022-41853 vulnerability
Issue How can I mitigate vulnerability CVE-2022-41853 regarding Liferay DXP?   Environment Liferay Portal 6.2 EE Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3   Resolution CVE-2022-41853 : This...
Liferay Security Scanning
Issue What procedures does Liferay follow to perform security scanning? Environment Liferay DXP Resolution Liferay uses DAST and SAST tools for scanning. Pen test and manual code reviews are performed as well....
Link doesn't work in Knowledge base when a non-standard protocol is chosen.
Issue When adding the notes:// protocol to a link in Knowledge Base, AntiSamy removes it and displays it as text. Environment Liferay DXP 7.2, 7.3 Resolution By default, everything is sanitized by AntiSamy, with 3...
Are Unique Email Addresses Required for Authentication
Issue Our company has a few external clients whose users have unique screen names, but all share one email address. This is causing various conflicts such as two users being unable to sign in simultaneously. The error...
How to Login after Blacklisting the Sign-In Portlet
Issue We Blacklisted the Sign-In Portlet with a third-party authentication application and the admin logins were not synchronized in the process and so now we can no longer access our environment. How can we restore...
Local Liferay Admin Users unable to authenticate when LDAP is Configured on Virtual Instance
Issue When a main Liferay instance and a second virtual instance are both connected to the same LDAP server, local Liferay admin users are unable to log in when the “Required” box is checked. In the case where the LDAP...
SAML IDP is unable to initiate SLO
Issue SAML Identity Provider is unable to initiate Single Log Out Notes 1. Set the different virtual hosts as below as an example 127.0.0.1 www.bbb.com (For IDP) 127.0.0.1 www.sp.com (For SP) 2. Using the test...
Records are not removed from samlspsession table if the user closes the browser instead of logging out
Issue Records are not removed from `samlspsession` table if the user closes the browser instead of logging out. Steps to reproduce: 1. Setup two instances of Liferay to use SAML - one as IDP and one as SP....
Resource and Global scopes tabs are not listing under oAuth2 administration scopes
Issue I do not see the Resource and Global Sub-tabs under the Scopes tab on OAuth2 clients (in Control Panel/ OAuth2 Administration) Environment 7.3+ Resolution After https://issues.liferay.com/browse/LPS-105158 the scope...
Can both Liferay and LDAP Password policies be enabled at the same time?
Issue Is there a way to make both Liferay and LDAP policies work together, so that users logging in via Liferay authentication will be handled by Liferay's password policies and users authenticating...
EU Login via OpenID Connect needs Proof Key for Code Exchange (PKCE)
Issue I would like to integrate my portal with an EU Login mock server instance via OpenID Connect. It does not work since the OpenID Connect server needs Proof Key for Code Exchange (PKCE). After configuration, when I am...
LDAP Import Enabled under SAML settings
Issue What is the actual functionality of LDAP Import Enabled under SAML settings? Environment Liferay DXP 7.2, 7.3, 7.4 SAML Resolution Checking LDAP Import Enabled under SAML settings affects 3 functions:...
Authentication flow in Liferay when LDAP is enabled
Issue Liferay is configured to use LDAP. When will Liferay authentication happen? When will LDAP authentication happen? Environment Liferay DXP 7.0 - 7.4 Resolution LDAP authentication always happens before...
I would like to control email notifications to Liferay strangers.
Issue How are strangers defined by Liferay? How can I control email notifications to strangers upon signup? Environment DXP 7.3+ Resolution The SAML property defining unknown users as strangers was introduced in DXP 7.3....
How to get rid of SSLHandshakeException?
Issue When trying to access the site URL, the console displays the following exception, and the site is inaccessible. javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure...
Need to hide Liferay Auth token as it is visible in Page source
Issue When using the burp suite tool to intercept traffic, the Liferay Auth token is visible in the Page Source, which could make the environment vulnerable in the user's view. Environment Liferay DXP 7.0+ Resolution...
When logging in with an OpenID Provider, the portal shows "Internal Server Error"
Issue When configuring an OpenID Provider and trying to log in with a user, the callback to the portal shows an error message similar to the one below: Internal Server Error An error occurred while...
Is Liferay creating cookies site base?
Issue Is Liferay creating a cookies site base? If so, where exactly on the Liferay server would all the cookies be physically kept?  Environment Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4...
Users who are not registered with Liferay application are able to log in
Issue Users who are not registered with the Liferay application are able to log in even though they have no connections. Environment Liferay DXP 7.0 to 7.4 Resolution Users log into Liferay DXP by using...