Documentation

Authentication Basics

By default, Liferay DXP uses the Sign In widget to authenticate users.

Note

The Sign In widget appears on the default home page at http[s]://[server-name:port]/web/guest/home. If the Sign In widget is unavailable on any page, it can be accessed directly via its URL: http[s]://[server-name:port]/c/portal/login.

The default Liferay home page

You can configure other methods of authenticating users and/or applications:

Authentication Verifiers can manage authentication for remote applications, and Authentication Pipelines define the ways users are validated by one or several systems.

Authentication Types

Users can be configured to log in using one of three authentication types:

Authentication Type Description Used by Default?
Screen Name Determined by administrator or user at account creation No
Email Address Determined by administrator or user at account creation Yes
User ID Automatically generated when the account is created No

Note

Only one authentication type can be used at a time.

Regardless of the authentication type, users must always enter a password. You can create Password Policies to define password length, password format, expiration periods, and more.

Authentication Type can be configured through the Control Panel or a properties file.

Configuring Authentication Type Through the Control Panel

  1. Navigate to the Control Panel

  2. Click on ConfigurationInstance SettingsPlatformUser Authentication

  3. Choose an option under the How do users authenticate? selector.

    You can select from three types of authentication.

Configuring Authentication Type Using Properties

To use the portal-ext.properties file, paste in the below properties and uncomment the desired authentication type:

company.security.auth.type=emailAddress
#company.security.auth.type=screenName
#company.security.auth.type=userId

Using and Configuring the Sign In Widget

The Sign In widget calls the various mechanisms (the portal database, an LDAP server, a SAML identity provider, or any of the ways users can authenticate) that authenticate users. Its behavior can be configured and customized in several ways.

Disabling Guest Account Creation

To prevent guest users from creating new user accounts:

  1. Navigate to the Control Panel → ConfigurationInstance SettingsPlatformUser Authentication.

  2. Un-check Allow strangers to create accounts?.

  3. Click Save.

    Guests can't create accounts if this box is unchecked.

Preventing Password Resets

If users should not be able to reset their own passwords, you can configure this from the same screen:

  1. Navigate to the Control Panel → ConfigurationInstance SettingsPlatformUser Authentication.

  2. Uncheck Allow users to request password reset links?.

  3. Click Save.

Configuring CAPTCHA or reCAPTCHA

Prevent bots from creating and logging into accounts by enabling CAPTCHA or reCAPTCHA:

  1. Navigate to the Control Panel → ConfigurationSystem SettingsSecurity ToolsCAPTCHA.

    CAPTCHA is enabled by default.

    Note

    By default, Create Account CAPTCHA and Send Password CAPTCHA are enabled. If necessary, enable Message Boards CAPTCHA.

  2. Choose a CAPTCHA engine. By default, Simple CAPTCHA is enabled. You can also select Google’s reCAPTCHA, which requires you configure the external service separately. If you select reCAPTCHA, supply your public and private key from Google.

  3. The other options allow developers to customize the Simple CAPTCHA engine.

  4. Click Save when finished.