Search Results

All Results 51
Sort By
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Integrate Okta with Liferay DXP using OpenID Connect
How To
Introduction This recipe guides you through the steps to integrate Okta, your Identity Provider (IdP), with your Liferay environment using OpenID Connect. Prerequisites Okta Dev account Liferay DXP environment Administrative...
Captcha API Basics
Official Documentation
Captcha API Basics Liferay provides a headless API to retrieve and submit captchas using the SimpleCAPTCHA engine. Using the /captcha endpoint from the API Explorer, you can add captchas in your...
SCIM Resource Type, Service Provider, and Schema Basics
Official Documentation
SCIM Resource Type, Service Provider, and Schema Basics Liferay DXP 2025.Q2+ Liferay provides a headless API to query the SCIM resource types, service providers, and schemas available. Use the...
SCIM Group API Basics
Official Documentation
SCIM Group API Basics Liferay DXP 2024.Q1+/Portal GA112+ Liferay provides a headless API to perform CRUD operations on SCIM groups to keep their information in sync with your company's...
SCIM User API Basics
Official Documentation
SCIM User API Basics Liferay DXP 2024.Q1+/Portal GA112+ Liferay provides a headless API to perform CRUD operations on SCIM users to keep their identity information in sync with your company's...
Using OAuth 2.0
Official Documentation
Using OAuth 2.0 OAuth 2.0 is an industry-standard authorization protocol. Users with accounts on a Liferay-based website can share select credentials with various clients seamlessly. OAuth 2.0...
Creating an OAuth2 Application
Official Documentation
Creating an OAuth2 Application When you have an application that can use OAuth 2.0 for authorization, you must register that application so Liferay can recognize it. Open the Global Menu...
Authorizing Account Access with OAuth2
Official Documentation
Authorizing Account Access with OAuth2 Once you have an application registered, you can start authorizing users. To do that, you must construct the URL to the authorization server (Liferay DXP)....
JSON Web Tokens (JWTs)
Official Documentation
JSON Web Tokens (JWTs) JSON Web Tokens (JWTs) represent encoded data. They are compact, self-contained, and secure. There are two primary types of JSON Web Tokens: Encrypted JWT: ensures the...
Client Secret JWT
Official Documentation
Client Secret JWT Liferay supports client secret JWT as an authentication method for OAuth 2 clients. In this flow, the client itself creates the assertion and signs it using the client secret....
Configuring the JWT Bearer Flow
Official Documentation
Configuring the JWT Bearer Flow The JWT Bearer flow trades a signed JWT from an external token service in exchange for an access token from Liferay. To use this flow, create an OAuth 2 client and...
Issuing JWT Access Tokens
Official Documentation
Issuing JWT Access Tokens Liferay DXP 7.4 U45+/GA45+ You can configure Liferay to issue access tokens in the JWT format from System Settings. Enabling JWT Tokens Open the Global Menu...
JSON Web Token Assertions
Official Documentation
JSON Web Token Assertions An assertion helps in sharing identity and security information across different domains. There are two uses for assertions: Authorization grants Client authentication...
Using Private Key JWT (JSON Web Token)
Official Documentation
Using Private Key JWT (JSON Web Token) Liferay supports private key JWT as an authentication method for OAuth 2 clients. In this flow, the client itself creates the assertion. Liferay authenticates...
OAuth 2 Scopes
Official Documentation
OAuth 2 Scopes In OAuth 2.0, applications are granted access to limited subsets of user data. These are called scopes (not to be confused with Liferay scopes). You can create them in two ways: ...
Using OAuth2 to Authorize Users
Official Documentation
Using OAuth2 to Authorize Users You can create applications that access Liferay's headless REST APIs using the OAuth 2.0 authorization protocol. The provided sample React app demonstrates three...
Security and Administration
Official Documentation
Security and Administration After installation comes configuration. There are three areas you should examine carefully before opening your system to users: Security Administration Settings ...
Audit Framework
Official Documentation
Audit Framework Liferay's audit framework shows activities relating to users, user groups, organizations, roles, multi-factor authentication, and objects (definitions, fields, actions, layouts,...
Audit Configuration Reference
Official Documentation
Audit Configuration Reference Configuration settings for audits are available at a system scope. You can find these settings by opening the Global Menu (Global Menu) and navigating to Control Panel...
Searching and Exporting Audit Events
Official Documentation
Searching and Exporting Audit Events The audit application comes with simple and advanced searching capabilities. To use the simple search, you can enter a search term and click the magnifying...
User Authentication
Official Documentation
User Authentication The User Authentication settings define how Users can authenticate, the various authentication methods that are required for them, and the screen names and email addresses that...
Authenticating with CAS (Central Authentication Service)
Official Documentation
Authenticating with CAS (Central Authentication Service) CAS was deprecated as of Liferay DXP 7.2 and removed as of Liferay DXP 7.4. Please use SAML instead. CAS is a widely used open source...
Authenticating with SAML
Official Documentation
Authenticating with SAML The SAML (Security Assertion Markup Language) adapter provides Single Sign On (SSO) and Single Log Off (SLO) in your deployment. SAML works by using Identity Providers...
Securing Sign-In
Official Documentation
Securing Sign-In The Sign-In widget calls the various mechanisms (the portal database, an LDAP server, a SAML identity provider, or any of the ways users can authenticate) that authenticate users....
Configuring Single Sign-On
Official Documentation
Configuring Single Sign-On Liferay Portal/DXP supports many ways of authenticating, from token-based solutions to standards such as OpenID Connect and SAML. With all the available options, you...
Authenticating with Kerberos
Official Documentation
Authenticating with Kerberos You can use Kerberos to authenticate Microsoft Windows™ accounts with Liferay DXP. This is done by using a combination of Liferay DXP's LDAP support and a web server...
Configuring Password Encryption Algorithms and Stored Password Formats
Official Documentation
Configuring Password Encryption Algorithms and Stored Password Formats Liferay encrypts passwords using an algorithm that aligns with the recommendations from the OWASP Password Storage Cheat...
Configuring Sign-In
Official Documentation
Configuring Sign-In By default, Liferay DXP uses the Sign In widget to authenticate users. The Sign In widget appears on the default home page at http[s]://[server-name:port]/web/guest/home. If...
Securing Liferay
Official Documentation
Securing Liferay Liferay is built with security in mind. This includes mitigation of common security vulnerabilities and exploits like those described by the OWASP Top 10 and the CWE/SANS Top 25. ...
Configuring Authentication Types
Official Documentation
Configuring Authentication Types Users can be configured to log in using one of three authentication types: Authentication TypeDescriptionUsed by Default? Screen NameDetermined by administrator or...
Multi-Factor Authentication Checkers
Official Documentation
Multi-Factor Authentication Checkers Liferay DXP 7.4 ships with two additional factor checkers for Multi-Factor Authentication. Both of them are disabled by default, because they're only useful in...
Fast IDentity Online 2
Official Documentation
Fast IDentity Online 2 Available: Liferay DXP/Portal 7.4+ The Fast IDentity Online 2 or FIDO2 standard allows for the use of biometrics (i.e., fingerprint readers), mobile devices, or other...
Using Multi-Factor Authentication
Official Documentation
Using Multi-Factor Authentication To enhance your installation's security, you should disable less secure, one-factor forms of authentication, such as Basic Auth, Digest Auth, and WebDAV. You can...
System for Cross-domain Identity Management (SCIM)
Official Documentation
System for Cross-domain Identity Management (SCIM) Liferay DXP 2024.Q1+ System for Cross-domain Identity Management or SCIM, is an open standard that automates user provisioning. In other words,...
Using OpenID Connect
Official Documentation
Using OpenID Connect OpenID Connect is a lightweight authentication layer that enables users to authenticate using accounts they have on other systems. It's built on top of the OAuth 2.0...
Configuring SAML at the System Level
Official Documentation
Configuring SAML at the System Level Before allowing any portal instances to enable SAML authentication, you should configure it at the system level so those instances have a foundation from which...
Configuring SAML at the Instance Level
Official Documentation
Configuring SAML at the Instance Level Each portal instance can be a SAML provider, either an Identity Provider (IdP) or a Service Provider (SP). Whichever role your DXP instance fills, you can...
Configuring Liferay Authentication With PingOne Using SAML
Official Documentation
Configuring Liferay Authentication With PingOne Using SAML This tutorial guides you through the basic steps needed to integrate PingOne, your Identity Provider (IdP), with your Liferay environment...
AntiSamy
Official Documentation
AntiSamy Liferay DXP includes an AntiSamy module that protects against user-entered malicious code. If your site allows users to post content in message boards, blogs, or other applications, these...
SAML Authentication Process Overview
Official Documentation
SAML Authentication Process Overview Both the IdP and the SP can initiate the Single Sign On process, and the SSO flow is different depending on each one. Regardless of how it's initiated, SSO is...