Search Results

All Results 435
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Disabling the Change Password Request When Users First Log In to Liferay
legacy How To
When a user first logs in to the Liferay Portal 6.1 EE, they are immediately prompted to change their password. Resolution While this request is the default setting, the setting can be...
Encryption keys can be used at Liferay
legacy How To
Issue How to disable/stop using DES as it possesses Security Threat.  Environment Liferay DXP 7.0 Resolution Encryption keys can be used at Liferay end are:  # For more details about encryption keys, see the Java...
Can SAML or LDAP be accessed via Liferay APIs?
legacy
Issue We would like to remotely configure SAML and/or LDAP authentication using Liferay APIs. Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Resolution Neither SAML or LDAP APIs are publicly exposed...
Configuring Liferay to display CAPTCHA's with numbers only - 7.2
Issue Configuring Liferay to display CAPTCHA's with numbers only instead of alphanumeric characters. Environment This issue affects Liferay 7.2 Resolution While the default CAPTCHAs in Liferay generated by...
Is it possible to set different Authentication methods for different sites in the same portal instance
legacy
Issue Is it possible to set different Authentication methods for different sites in the same portal instance? Environment Liferay DXP 7.2 Resolution Currently, it is not possible to use different authentication methods...
Why the error "Failed to bind to the LDAP server with userDN" is thrown in the logs
legacy Troubleshooting
Issue What is the reason behind the following error which is thrown in the logs? [LDAPAuth:198] Failed to bind to the LDAP server with userDN CN=VERMA BRIJESH KUMAR...
Will Liferay DXP 7.1 support X-Frame-Options, X-XSS-Protection, X-Content-Type-Options headers?
legacy How To
Issue Will Liferay DXP 7.1 support X-Frame-Options, X-XSS-Protection, X-Content-Type-Options headers? If yes, how to enable the same. Environment Liferay DXP 7.1 Resolution Liferay DXP 7.1 is already...
Why can't I see the name of the resource in the Audit app?
legacy
Issue I am an Administrator in Liferay DXP Someone deleted an asset (for example an Organization) I check the events in the Audit app (Control Panel > Configuration > Audit) I open the delete event I can only see the...
Impact of Google Chrome 80 and changes in the default behavior of the SameSite cookie setting on SAML
legacy Troubleshooting
Issue Updated (May 31, 2021): The behavior is enabled by default since Chrome 84. Updated (April 3, 2020): Chrome is Temporarily rolling back SameSite Cookie Changes Updated (June 12, 2020): Added information about...
Why certain Security Headers are not included in the HTTP Request and Response of Liferay DXP
legacy
Issue The following headers are missing in Liferay: Missing ”X-Content-Type-Options” header  Missing ”X-XSS Protection” header  Missing ”X-Frame-Options” header Missing ”Content-Security-Policy” header...
No administrative options can be accessed when an F5 load balancer is in front of Liferay forcing a secure protocol
legacy Troubleshooting
Issue When a F5 load balancer is in front of Liferay and is forcing a secure protocol, no administrative options can be selected and accessed. On Liferay the following options are configured on the...
Why p_p_auth token is exposed in the URL? Could it be a security risk?
legacy
Issue On Liferay Portal 6.2, p_p_auth token is exposed in the URL. It might be considered as a security risk. Environment Liferay Portal 6.2 Resolution No attacker or other user can use p_p_auth token, only a...
The Forget Password page is vulnerable to CSRF attack
legacy
Issue The Forget Password form can be re-submitted with different cookies which lead to the CSRF issue. Environment Liferay DXP 7.2 Resolution This is considered as a False Positive, as the user is not logged into...
Page version control information is accessible in sitemap.xml
legacy
Issue Page version control information is accessible in sitemap.xml - such information shall not be exposed for security reasons. Reproduction: 1) Start up bundle 2) Access sitemap...
How to configure validation directives in AntiSamy
legacy Troubleshooting
Issue When trying to import content between sites, i.e. knowledge base, a validation error arises: An unexpected error occurred with the publication process. Please check your portal and publishing configuration....
How to review User Permissions on Freemarker and Velocity templates
legacy How To
Issue After applying the fix for LSV-658, how can I see which users have permissions for (which) Freemarker/Velocity templates, i.e. via the user interface or by a database query? The Mitigation Notes of LSV-658...
Integration of SiteMinder SSO
legacy How To
Issue How to integrate the SiteMinder SSO with Liferay Environment Liferay DXP 7.0 Resolution By default, Token based authentication is disabled in the Liferay. To manage the same, refer to this document Token-based...
Using Active directory, after changing the user password, still user is able to login using the old password
legacy Troubleshooting
Issue Using Active directory, after changing the user password, still, a user is able to login using the old password Environment Liferay portal 6.2  Resolution Under Control Panel -> Portal Settings ->...
SAML logout when session expires
legacy
Issue The Single sign-on and Single log out are working fine when the user manually logs out but there is no Single logout happening on the portal session expiry Environment Liferay 7.0 as IdP Resolution  Service...
Session Hijacking issue with https connection
legacy
Issue By replacing the sessionId of a logged-in user, the user's session from another browser is replicated. Steps to reproduce Create 2 users like u1, u2 Assign the role for the u1 as "Power user", u2 as "Portal...