Search Results

Issue Browser console error as "The connection used to load resources from https://www.xxx.yyyy used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented from loading these resources. The server should enable TLS 1.2 or...

Issue After enabling SSL and routing the domain, getting mixed content on the portal that is the pages in the https://www.abc.in referring the http://www.abc.in for the stylesheet, javascript, and henceforth. Environment Liferay DXP 7.2 Resolution This might be caused when SSL is getting...

Issue Liferay is configured as a SAML Service Provider. When trying to sign in to Liferay it is not possible and the following error is shown in the logs: 2022-01-20 11:50:38.554 ERROR [default task-391][BaseSamlStrutsAction:56] com.liferay.saml.runtime.exception.AudienceException:...

Issue After being redirected by the payment link, the session logs out. Steps to reproduce : 1. Login in Liferay. 2. Call the API in Postman. Request parameters are attached (SSL Commerz Request Parameters.txt) Request Type: x-www-form-urlencoded URL:...

Issue During the time of portal login using the LDAP users, the user('s) are able to log in successfully, LDAP connections have an active connection but observed the below warnings in the Liferay log.  2021-12-17 01:26:37.412 WARN  [tomcat-http--20][DefaultPortalLDAP:178] Unable to bind...

Issue After enabling the SAML, when the user is trying to log in, authentication failed with the following message. ERROR [http-nio-8080-exec-36][BaseSamlStrutsAction:59] org.opensaml.messaging.handler.MessageHandlerException: Message context was not authenticated Caused by:...

Issue We want to set up MFA for Administrators only. Is this possible with Liferay out-of-the-box? Can we target specific users to sign in using multi-factor authentication? Environment DXP 7.4 DXP 7.3 DXP 7.2   Resolution Liferay's out-of-the-box functionality for MFA is binary in its...

Issue Sometimes we need to modify or restrict the length or URL Liferay generates ( for example for security custom solutions ) but Liferay has no out of the box solution for that. Environment DXP 7.2 Resolution The invoke filter handles the topic. The limit is 4000 chars and it can be...

Issue How to enable CSRF Token in order to prevent CSRF attacks in Liferay? Environment Liferay DXP 7.2 Resolution Liferay's p_auth token protects against CSRF and is enabled by default. Here is the main code that handles the CSRF...

Issue The Guest language ID cookie in Liferay has a one-year expiration, whereas the undefined cookie in the F5 balancer caused the conflict. Is there a way to modify the Cookie's duration in Liferay? Environment Liferay DXP 7.0 Resolution The...

Issue As dtsa cookies are detected, are these cookies URLs cause for concern? Is there any information concerning these cookies in relation to Liferay? Use Case: As Liferay generated dtSa cookies contain the characters '||',  the user wants to whitelist them. Also, if special characters...

Issue The default library timeout until Liferay DXP 7.2 fix pack dxp-3 is 250ms. The default library timeout since Liferay DXP 7.2 fix pack dxp-4 is 500ms.  Use Case: The user would like to be able to set/configure the default timeout value to whatever they want instead of having it...

Issue SAML configuration hasn't been working since the virtual host of the portal instance changed. Caused by: org.opensaml.ws.security.SecurityPolicyException: Request was required to be secured but was not at org.opensaml.ws.security.provider.HTTPRule.evaluateSecured(HTTPRule.java:126)...

Issue After the user changes the password in Microsoft Active Directory (AD), the user can still log into Liferay using the old password. If enabling "Required" option, the issue can be resolved. But users created manually in Liferay (not imported from AD) can not sign into Liferay...

Issue Liferay protects itself against CSRF attacks by generating the p_auth authorization token. How can this token be created? Environment DXP 7.0, 7.1, 7.2, 7.3 Resolution When "auth.token.check.enabled=true" is set in portal-ext.properties, the auth token (p_auth value) is generated...

Issue Is there a way to automatically remove users from Liferay who are no longer in LDAP? Environment Liferay DXP 7.1 Resolution There's no automated process to do this out of the box. However, a feature request for the same has already been submitted and can be tracked here LPS-69061...

Issue During a penetration test, a Cross Site Scripting Vulnerability may be reported, indicating that you can inject a script into the refererPlid parameter or into the _com_liferay_login_web_portlet_LoginPortlet_mvcRenderCommandName parameter.   Environment Liferay DXP 7.3   Resolution...

Issue Duplicate error messages show up when resetting the password Steps to reproduce: 1. Start and set up Liferay DXP 7.3 SP1 using the setup wizard. The email can be set as test@liferay.com and the password as a test. 2. Set up an SMTP client to listen to emails. For example: here,...

Issue There is a use case in which a subset of users are meant to bypass SAML SSO and login directly to the Liferay SP. On Liferay 7.2 dxp-8, users successfully used the following URL to achieve this:...

Issue After configuring and enabling a Token Based SSO in our 7.2 environment (upgraded from 7.0), users are now unable to log out, and they are instead redirected to the home page (still logged in). In our 7.0 environment using the same SSO configurations, our users were logged out as...