Search Results

Issue The following headers are missing in Liferay: Missing ”X-Content-Type-Options” header  Missing ”X-XSS Protection” header  Missing ”X-Frame-Options” header Missing ”Content-Security-Policy” header Missing ”Strict-Transport-Security” header  Missing cross-origin resource...

Issue How to disable/stop using DES as it possesses Security Threat.  Environment Liferay DXP 7.0 Resolution Encryption keys can be used at Liferay end are:  # For more details about encryption keys, see the Java Cryptography     # Extension documentation.     #    ...

Issue We would like to remotely configure SAML and/or LDAP authentication using Liferay APIs. Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Resolution Neither SAML or LDAP APIs are publicly exposed so it is not possible to remotely configure them via APIs. Additional...

Issue Configuring Liferay to display CAPTCHA's with numbers only instead of alphanumeric characters. Environment This issue affects Liferay 7.2 Resolution While the default CAPTCHAs in Liferay generated by SimpleCaptcha contain alphanumeric combinations it is possible to configure them...

Issue Will Liferay DXP 7.1 support X-Frame-Options, X-XSS-Protection, X-Content-Type-Options headers? If yes, how to enable the same. Environment Liferay DXP 7.1 Resolution Liferay DXP 7.1 is already secured with the following headers and it is enabled by default. These values are found...

Issue Symptom: CVE-2016-3714 - Insufficient shell characters filtering leads to potentially remote-code-execution vulnerability in ImageMagick. Environment  ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1  Resolution Liferay does not endorse or support any specific third-party...

Issue What configuration is needed in Liferay so that the nested groups and the users are imported from AD? Environment DXP 7.2 DXP 7.1 DXP 7.0 Resolution Change the User attribute of the Group Mapping in the LDAP server configuration page to member:1.2.840.113556.1.4.1941:.   Additional...

Issue When any user logs into the portal, they see the user profile of another user instead of seeing their own profile. Environment Liferay DXP 7.0 Resolution There are usually two root causes for the reported behavior: 1. Session ID conflict, and 2. Incorrect cache configuration....

Issue Does Liferay's OpenID Connect implementation support Single Logout? Environment Liferay DXP 7.1/7.2 Resolution Liferay's current OpenID Connect (OIDC) integration only implements parts of the Final specifications, specifically "Core" and "Discovery". While single-logout (SLO)...

Issue One user's session is accessed by knowing the respective user's JSessionID. Steps for reference: 1) 2 users (say: User A and User B) 2) User "A" logs-in to the system 3) Now, user "A" has one Jession ID(0D13262EDECBA19E93D5A753FC34E03A) and shares his JSessionID to user "B" 4)...

Issue When SAML is enabled, logging out from "SITE A" is not redirecting/stays at the respective site's home page itself.  Environment Liferay DXP 7.1 SAML plugin Resolution The ideal scenario is authentication functions at the entire portal level and not at the site level due to which...

Issue Users who are present in LDAP are unable to perform login into Liferay and the below error was observed at the server console. ERROR [liferay/scheduler_dispatch-4][PortalLDAPImporterImpl:717] Unable to import user CN=abdulfar: null:null:{samaccountname=sAMAccountName: abdulfar}...

Issue Does Liferay DXP 7.1 support the following HTTP headers: "X-Frame-Options", "X-XSS-Protection" and "X-Content-Type-Options"? If not, what changes have to be done from the application side to enable the same Environment Liferay DXP 7.1 Resolution Liferay portal is already secured...

Issue Due to some security vulnerable in TLS v1.0, it should be upgraded to TLS v1.2.  1. Does Liferay DXP 7.1 support TLS v1.2? 2. If it supports, then how to use/upgrade the same in Liferay DXP 7.1? Environment Liferay DXP 7.1 Resolution Liferay 7.1 supports TLS v1.2 as it requires...

Issue Unable to import LDAP telephoneNumber (in Microsoft Active Directory) into Liferay Contact Information -> Phone Numbers on the Contact page. Environment Liferay DXP 7.1 Resolution Only attributes listed in ContactModel.java can be imported through LDAP "contact mapping". Since...

Issue When users are trying to access to portal using https protocol, portal is redirecting to http protocol and pages are not showed right. Https protocol was configured in load balancers and application servers but not in Liferay portal. Environment Liferay DXP 7.1 Application server:...

Issue Users are unable to login through NTML due to the following WARN: 2019-08-29 05:55:28.671 WARN [http-nio-8080-exec-5][Netlogon:104] Unable to authenticate user emma: Logon failure: unknown user name or bad password. Environment Liferay DXP 7.0 Liferay DXP 7.1 Resolution The error...

Issue When a user tries to log in to Liferay via Liferay's default Sign-In portlet, the user's password shows in the browser console as a plain text. Environment Liferay DXP 7.0-7.4 Resolution This is not a Liferay issue. When submitting the login credentials in the browser, the browser...

Issue We configured 2 Liferay Servers in my machine, one as Service Provider and the other as Identity Provider. We managed to perform the login through IdP. The issue happens when we try to logout the user in SP. Environment Liferay DXP 7.0, Liferay DXP 7.1 Resolution If IdP and SP use...

Issue After LPS-98420, there might be a mismatch between the real LDAP Import trigger time and Import Interval set on instance settings. For example: Set “System Settings -> LDAP -> Import Interval” to 2. Set “Instance Settings -> LDAP -> Import Interval” to 3. Expected Result: The...