Search Results

All Results 435
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
LFR_SESSION_STATE cookies are not marked as HttpOnly
legacy
Issue LFR_SESSION_STATE cookies are not marked as HttpOnly Environment Liferay DXP, Liferay 6.2 Resolution This is not a security issue because this cookie is created and used in session.js which is the portal's Javascript. ...
How Can I Assign Roles to Users When Importing from LDAP?
legacy Troubleshooting
Issue When importing users to Liferay DXP from LDAP, they are not being assigned the roles I want them to have from my LDAP server. Environment Liferay DXP LDAP Resolution In Liferay DXP, Users are...
Lodash Security Vulnerability in Theme Dependencies
legacy
Issue In the Liferay theme dependencies, Lodash versions 3.10.1 and below are used extensively as dependencies throughout. Versions of Lodash prior to 4.17.5 suffer from a security risk: CVE-2018-3721...
Generating SAML Metadata with HTTPS
legacy How To
Issue This article documents how to generate a SAML metadata XML file that also has HTTPS enabled. Environment Liferay Portal 6.2, DXP 7.0, DXP 7.1 Any web server  Resolution In order to generate a SAML metadata.xml...
Why are user accounts shared when I have multiple LDAP servers configured?
legacy Troubleshooting
Issue When a Liferay DXP bundle is configured to communicate with two or more LDAP servers there can be issues with user importing and users logging in. Example: If Liferay DXP is communicating with two LDAP...
Updated Email Addresses in LDAP are not Imported to Liferay DXP 7.0
legacy How To
Issue This article documents a product limitation and a possible workaround for importing a user whose email address was updated in LDAP into a Liferay DXP instance. Environment Liferay DXP  LDAP server Resolution This...
Using MS ADFS & Liferay SAML Integration
legacy How To
Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these...
Remove the Ability to Add JavaScript in the Control Panel's Site Pages
legacy How To
Issue Disable the ability to add JavaScript to pages on DXP 7.0 and thus prevent malicious code injections. Environment  DXP 7.0 Fix Pack 60+ This functionality was introduced in DXP 7.0 Fix Pack 60 Resolution Install...
Deployment of SAML plugin does not display SAML admin screen
legacy Troubleshooting
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Event/Use...
The Forget Password page is vulnerable to CSRF attack
legacy
Issue The Forget Password form can be re-submitted with different cookies which lead to the CSRF issue. Environment Liferay DXP 7.2 Resolution This is considered as a False Positive, as the user is not logged into...
Why p_p_auth token is exposed in the URL? Could it be a security risk?
legacy
Issue On Liferay Portal 6.2, p_p_auth token is exposed in the URL. It might be considered as a security risk. Environment Liferay Portal 6.2 Resolution No attacker or other user can use p_p_auth token, only a...
SAML logout when session expires
legacy
Issue The Single sign-on and Single log out are working fine when the user manually logs out but there is no Single logout happening on the portal session expiry Environment Liferay 7.0 as IdP Resolution  Service...
How to configure validation directives in AntiSamy
legacy Troubleshooting
Issue When trying to import content between sites, i.e. knowledge base, a validation error arises: An unexpected error occurred with the publication process. Please check your portal and publishing configuration....
How to review User Permissions on Freemarker and Velocity templates
legacy How To
Issue After applying the fix for LSV-658, how can I see which users have permissions for (which) Freemarker/Velocity templates, i.e. via the user interface or by a database query? The Mitigation Notes of LSV-658...
Page version control information is accessible in sitemap.xml
legacy
Issue Page version control information is accessible in sitemap.xml - such information shall not be exposed for security reasons. Reproduction: 1) Start up bundle 2) Access sitemap...
Changing password forces users to log in again
legacy Troubleshooting
Issue Changing password invalidates current sessions and the users have to log in again. 2020-02-07 13:08:37.558 ERROR [http-nio-8080-exec-2][PortletServlet:112] javax.portlet.PortletException:...
Session Hijacking issue with https connection
legacy
Issue By replacing the sessionId of a logged-in user, the user's session from another browser is replicated. Steps to reproduce Create 2 users like u1, u2 Assign the role for the u1 as "Power user", u2 as "Portal...
Integration of SiteMinder SSO
legacy How To
Issue How to integrate the SiteMinder SSO with Liferay Environment Liferay DXP 7.0 Resolution By default, Token based authentication is disabled in the Liferay. To manage the same, refer to this document Token-based...
Using Active directory, after changing the user password, still user is able to login using the old password
legacy Troubleshooting
Issue Using Active directory, after changing the user password, still, a user is able to login using the old password Environment Liferay portal 6.2  Resolution Under Control Panel -> Portal Settings ->...
404 error when downloading module "com.liferay.saml.opensaml.integration" from Release Notes page
legacy Troubleshooting
Issue Getting a 404 error when downloading module "com.liferay.saml.opensaml.integration" from Release Notes page. Environment Liferay DXP 7.2 Resolution The module for  "com.liferay.saml.opensaml.integration" can be...