Search Results

All Results 435
Liferay as SAML SP fails after switching the URL of the virtual instance
Issue SAML configuration hasn't been working since the virtual host of the portal instance changed. Caused by: org.opensaml.ws.security.SecurityPolicyException: Request was required to be secured but was not...
How to prevent an AD user from logging into Liferay using the old password if LDAP authentication cannot set to be required
Issue After the user changes the password in Microsoft Active Directory (AD), the user can still log into Liferay using the old password. Enabling the "Required" option resolves the issue. But users created manually...
How can the p_auth authorization token be generated?
Issue Liferay protects itself against CSRF attacks by generating the p_auth authorization token. How can this token be created? Environment DXP 7.0, 7.1, 7.2, 7.3 Resolution When "auth.token.check.enabled=true" is set in...
Automated process to remove users from Liferay that are no longer in LDAP?
Issue Is there a way to automatically remove users from Liferay who are no longer in LDAP? Environment Liferay DXP 7.1 Resolution There's no automated process to do this out of the box. However, a feature request...
Cross Site Scripting Vulnerability report on refererPlid or other parameters
Issue During a penetration test, a Cross Site Scripting Vulnerability may be reported, indicating that you can inject a script into the refererPlid parameter or into the...
When resetting a password, duplicate error messages appear
Issue Duplicate error messages show up when resetting the password Steps to reproduce: 1. Start and set up Liferay DXP 7.3 SP1 using the setup wizard. The email can be set as test@liferay.com and the password as a...
The behavior of bypassing SAML SSO has changed
Issue There is a use case in which a subset of users are meant to bypass SAML SSO and login directly to the Liferay SP. On Liferay 7.2 dxp-8, users successfully used the following URL to achieve this:...
Enabling both Liferay's default login and SAML login so that users can use either option
Issue I would like to configure and enable SAML login while also having Liferay's default login available to users so that they can have two options for logging in. Environment DXP 7.4+ Quarterly Release Resolution...
Is Liferay Vulnerable to CVE-2023-45960?
Issue I would like to know if Liferay is vulnerable to CVE-2023-45960? Is Liferay affected by CVE-2023-45960? Environment Quarterly Release 2024.Q1.7 Resolution The NIST listing for CVE-2023-45960 has been withdrawn and...
High CPU and memory use with stacktraces associated to password encryption
Issue The environment starts using a large amount of CPU and also memory. Reviewing thread dumps taken during that time, there are many threads associated with PBKDF2PasswordEncryptor.encrypt, such as:...
I want to skip OpenID Connect provider selector at sign in if there is only one provider
Issue We want to bypass the client selection screen because there is only one OpenID Client to choose. Environment Quarterly Releases Resolution There is a Feature Request opened for this which is currently under...
Vulnerabilities for spring-web and spring-core
Issue Vulnerabilities remain unresolved in spring-web and spring-core, even after a fix was applied to spring-context. For spring-web: Vulnerable component: org.springframework:spring-web:5.3.39 For spring-core:...
Enabling real-time antivirus scanning without asynchronous background scans
Issue We would like to enable real-time antivirus scanning for uploaded files but disable asynchronous background scanning of the document library. The issue arises because: Enabling...
Audit Events filtered by date/time are not being exported accurately
Issue When using the Audit Export Feature, filters for date and time are not applied accurately in the resulting CSV file. The exported file may not include entries explicitly requested by the filter. For...
Resolving 401 Errors When Using Authorization Bearer Tokens in RestBuilder APIs
Issue When making calls to a REST API service created with RestBuilder that includes the Authorization Bearer token header, the responses often return a 401 Unauthorized status. However, when the same service is...
Is Session Prediction Possible in Liferay
Issue Is it possible an attacker could predict the JSESSIONID and gain unauthorized access, referencing an example from a 'Session Prediction' article? Explanation of Issue Using the "Catalog" Page in Postman: If a...
How to implement a token system instead of using credentials to access remote services
Issue Trying to write a custom remote service using Liferay (ServiceImpl file), so which method may be used to authenticate using a token rather than credentials? Environment Liferay DXP 7.4 Resolution Liferay has...
Is There A Way To Verify ClamAV Integration With Liferay?
Issue We followed the instructions below to enable document virus scanning, but we do not see any way to confirm the ClamAV integration was successful or that file scans are occurring when new files are uploaded to...
AntiSamy sanitizer cleans some of the HTML tags and styles, how can we solve that?
Issue We turned on AntiSamy but it removes certain HTML code and CSS styles from our Web Content articles. Environment DXP 7.0+ Resolution Usage of HTML and CSS in Web Content article HTML fields Web content articles...
ORA-12899 because OpenID access token is too large
Issue We store several things in our OpenID access token and when a user tries to log in, it fails because the token size exceeds the 3000-character limit specified in the ACCESSTOKEN column of the...