Site Search - Liferay Learn

I want to skip OpenID Connect provider selector at sign in if there is only one provider

Issue We want to bypass the client selection screen because there is only one OpenID Client to choose. Environment Quarterly Releases Resolution There is a Feature Request opened for this which is currently under...

Is Liferay Vulnerable to CVE-2023-45960?

legacy

Issue I would like to know if Liferay is vulnerable to CVE-2023-45960? Is Liferay affected by CVE-2023-45960? Environment Quarterly Release 2024.Q1.7 Resolution The NIST listing for CVE-2023-45960 has been withdrawn and...

User profile is visible when accessing the /web/test

legacy Troubleshooting

Issue When accessing localhost:8080/web/test, the user profile is visible to guest users. The concern is that the user data being accessible to guest users poses a security threat. Environment Liferay DXP 7.4...

Password syntax checking error does not appear when configuring with Minimum Lowercase 1 when creating a new account

Troubleshooting

Issue I have an issue with checking the password syntax. When they configure the password syntax with Minimum Lowercase 1, Minimum Symbols 1, and Minimum Uppercase 1, try to create an account for a guest user, type a...

Login URL Parameters Reported as Security Threat

legacy Troubleshooting

Issue Vulnerability Assessment and Penetration Testing (VAPT) reports the parameters passed in the login request as a security threat. How can these parameters be removed or mitigated? Environment Liferay DXP 7.4+...

Can Liferay pass User Roles to the Service Provider?

legacy

Issue In a SAML configuration where Liferay acts as the Identity Provider, is Liferay able to pass its User Roles to the Service Provider? Environment Liferay 7.4 Resolution Yes, it is possible. Liferay will send...

Is there a release date for implementing the Content Security Policy (CSP) at Liferay?

legacy

Issue If CSP is in beta mode, how is Liferay protecting its system from vulnerability? Is there a timescale for when the CSP will be fully deployed in the portal? Once the CSP has been successfully implemented,...

Getting BadPaddingException errors in the logs after an upgrade

legacy Troubleshooting

Issue After upgrading Liferay DXP, javax.crypto.BadPaddingException errors appear in the logs when using 'Auto Login' feature ('Remember me'). Example error message: ERROR [AutoLoginFilter:247] Current URL /home...

"http://localhost:8080/o/oauth2/authorize" URL redirect to the Login Page

legacy Troubleshooting

Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue When accessing the OAuth2 authorization URL...

Unexpected SAML calls: com.liferay.saml.internal.servlet.filter.SpSessionTerminationSamlPortalFilter.doProcessFilter

legacy Troubleshooting

Issue When navigating through the portal with SAML disabled, there are a few SAML-related filters that are still being processed, leading to database calls and causing slower performance. at...

Is it possible to offer both SAML and OIDC as SSO options?

legacy How To

Issue Both SAML and OpenID Connect(OIDC) can be configured on the same Liferay instance. However, the option to authenticate using OIDC is missing whenever SAML is enabled. Is it possible for a user to select either SSO...

Vulnerabilities reported in classes generated by Liferay Service Builder

legacy Troubleshooting

Issue While performing security scans, there are vulnerabilities found in custom classes that are generated by Liferay Service Builder. Environment Liferay DXP 7.4 Resolution Sometimes, these warnings are...

How to change the generated OTP from alphanumeric to numeric in multi-factor authentication?

legacy How To

NOTE: The following resolution requires customization and should only be implemented at the discretion of your team. Liferay Support will not be able to assist with designing or implementing customizations. Issue...

Vulnerability CVE-2024-52046 in Liferay DXP

legacy How To

Issue Is Liferay vulnerable to the vulnerability described in CVE-2024-52046? Environment Liferay DXP 7.3 and above Resolution Liferay uses the affected Apache Mina library (`mina-core`) only in LDAP-related code. If...

SAML Logout Issues: Multiple Login Entries and Optimistic Locking Exceptions

legacy Troubleshooting

Issue When a user logs out after authenticating via SAML, multiple login entries might be recorded in the audit logs. This can lead to HibernateOptimisticLockingException errors, particularly during...

SAML Authentication Error: "This message decoder only supports the HTTP POST method

legacy Troubleshooting

Issue The following SAML errors appear in the Liferay logs: ERROR [http-nio-8080-exec-5][BaseSamlStrutsAction:53] org.opensaml.messaging.decoder.MessageDecodingException: This message decoder only supports the...

In SAML setup user is not getting login in the SP and receiving warning on the UI

legacy Troubleshooting

Issue After setting up the SAML process, the user tries to log in receiving the warning below and not being logged in. Environment Liferay 2023.Q4.0 Resolution If users are setting up an identity provider as...

LIFERAY.HEADLESS.DELIVERY scope missing or delayed in OAuth 2 applications

legacy Troubleshooting

Issue The LIFERAY.HEADLESS.DELIVERY scope is missing or delayed in appearing when creating or managing OAuth 2 applications. The issue can occur intermittently, with the scope sometimes appearing after a delay of...

Audit Events filtered by date/time are not being exported accurately

legacy Troubleshooting

Issue When using using the Audit Export Feature, filters for date and time are not applied accurately in the resulting CSV file. The exported file may not include entries explicitly requested by the filter. For...

User did not provide a valid CSRF token Error

Troubleshooting

Issue Portlet Action requests intermittently returning a 403 error code. In the logs the following error message regarding invalid CSRF token gets printed whenever the 403 error is thrown. "User [user_id] did not provide...

Search Results