Search Results

Issue Application Server errors at times may identify software, software versioning and hint at how user input is processed. This sample trace to demonstrate was triggered by having invalid characters (namely a set of square brackets '[ ]' ) in a given URL. Tomcat considers the address...

Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue There has been a documented case where Commerce modules fail to deploy following license expiration and redeployment WARN...

Issue After applying the workaround indicated in this Security Advisory LSV-545: Unauthenticated Remote code execution via JSONWS (CVE-2020-7961), every client-side web service call to the JSONWS-API is failing: json.web.service.enabled=false This does not allow users to set Tags,...

Issue In DXP 7.3, new users have to verify their email address in their initial login. I want to disable this verification requirement. Environment DXP 7.3   Resolution In DXP 7.3, the default value for company.security.strangers.verify= has been changed to true. Set it back to...

Issue Got the error saml-hook.war does not support this version of Liferay in log after deploying the SAML 2.0 lpkg (version 6.0.0) on DXP 7.1 fix pack dxp-18 Environment Liferay DXP 7.1 Resolution The root cause for this error is that the incorrect SAML 2.0 lpkg version was deployed. To...

Issue After enabling the SAML, when the user is trying to log in, authentication failed with the following message. ERROR [http-nio-8080-exec-36][BaseSamlStrutsAction:59] org.opensaml.messaging.handler.MessageHandlerException: Message context was not authenticated Caused by:...

Issue During the configuration of Apache DS I encountered an issue that resulted in an IOException that interfered with starting the LDAP server: ERROR [org.apache.directory.server.wrapper.ApacheDsTanukiWrapper] - Failed to start the service....

Issue Once the SAML is configured the Landing Page redirection is not redirecting to the desired page. Environment Liferay DXP 7.1 Resolution The pre and post-login actions (like DefaultLandingPage actions) are not compatible with AutoLogin solutions (like SAML). These pre and post-login...

Issue Upon installation of security-hotfix-lsv-45 in Liferay Portal bundled with JBoss, a "Failed to define class" error is generated in the Liferay logs. Failed to define class com.liferay.portal.security.xml.SecureXMLFactoryProviderImpl in Module "deployment.ROOT.war:main" from Service...

Environment Liferay DXP 7.0-7.3 Oracle Identity Cloud Service OpenID Connect authentication enabled Symptom When OpenID Connect authentication is enabled in Liferay DXP and Oracle Identity Cloud Service (IDCS) is the configured provider, the following error may occur and users are not...

Issue Sensitive system information may be seen in HTTP 400 - Bad Response status Environment DXP 7.0   DXP 7.1   DXP 7.2 Resolution The HyperText Transfer Protocol (HTTP) 400 Bad Request response status code indicates that the server cannot or will not process the request due to...

Issue Seeing some slowness authenticating with LDAP after upgrading from 6.2 to 7.2. Environment DXP 7.2 [Upgraded from 6.2] Resolution Install Fix Pack 9 or a hotfix that includes LPS-122832 and run the upgrade process again. LPS-122832 reports and fixes the behavior that several...

Issue Insecure default configuration may allow remote attackers to enumerate users' email addresses via the forgot password functionality. This can be a risk in the case of public-facing deployments. Environment Liferay DXP 6.2 EE Liferay DXP 7.0-7.2 Resolution It is recommended to set...

Issue SAML authentication is being used in DXP 7.0. After upgrading the DXP 7.0 to any higher version, how to configure SAML in the upgraded environment? Environment Liferay DXP 7.1 Liferay DXP 7.2 Resolution Post upgrade, the respective SAML tables will be carried from source version to...

Issue During installation of a fix pack, the value of <session-timeout> is reset to default within web.xml. Is the value of session timeout can be changed 'permanently'? Environment DXP 7.2 Resolution Currently, there is no out-of-the-box option to achieve this on DXP - the web.xml is...

Issue As part of the SAML configuration, it is possible to generate a Certificate and a Private Key. This generates both a self-signed key and a container storekey (in $LIFERAY_HOME/data/keystore.jks by default). How to use a different key instead of the default one? Environment Liferay...

Issue After upgrading Liferay from Liferay DXP 7.0 to Liferay DXP 7.2, SAML is no longer working and users are no longer able to authenticate using SAML. It is possible that the following error will also appear in the logs in the Identity Provider as well as the Service Provider,...

Issue Custom FreeMarker and Velocity templates generate the following error after installing a fix pack: Denied resolving class [...] by org.apache Environment Liferay DXP 7.0 FP92+ Liferay DXP 7.1 FP18+/SP5+ Liferay DXP 7.2 FP6+/SP2+ Resolution The behavior originates from an...

Issue On Liferay Portal 6.2, p_p_auth token is exposed in the URL. It might be considered as a security risk. Environment Liferay Portal 6.2 Resolution No attacker or other user can use p_p_auth token, only a legitimate user is able to apply it. Therefore, leaking the token has no value...

Issue The Single sign-on and Single log out are working fine when the user manually logs out but there is no Single logout happening on the portal session expiry Environment Liferay 7.0 as IdP Resolution  Service Providers (SP) only receive a maximum validity date contained in the SAML...