Search Results

All Results 435
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Getting 'DuplicateSamlIdpSsoSessionException' in the Debug Logs
legacy Troubleshooting
Issue Users are facing intermittent login issues in the SAML environment; however, the below error is observed frequently in their log files: DEBUG [default task-73687][BaseSamlStrutsAction:61] null...
/language showing 403 forbidden url
legacy Troubleshooting
Issue When the user tries to access the URL: 'http://localhost:8080/language', even if the language page doesn't exist, it shows a 403 Forbidden error on UI instead of a 404 page not found. Logs error: ERROR...
Can we obfuscate HTML of the sites?
legacy
Issue I would like to increase our protection from man in the middle attacks by obfuscating our site's HTML. Is there a method for this already implemented in Liferay? Environment DXP 7.0+ Resolution There is no...
X-Xss-Protection response header is not working in DXP 7.4
legacy
Issue To enable X-Xss-Protection, add the below property in system-ext.properties http.header.secure.x.xss.protection=1; mode=block and restarted the server. But it is not working in the Liferay. Environment...
How to enable cookies and the banner, consent panel
legacy How To
Issue How to enable the cookie preference handling as well as the configuration options for both the banner and the consent panel. Environment Liferay DXP 7.4 Resolution This feature was introduced in the Liferay...
SAML Sessions remain Active despite Logout in Liferay
legacy Troubleshooting
Issue We have integrated SAML with our Liferay configuration. We have noticed that after a User logs out, their session remains active in Liferay. Environment Liferay DXP 7.3 Resolution This issue may occur if the...
/c/ redirects to login page
legacy
Issue When the user tries to access the URL: 'http://localhost:8080/c/', even if the 'c' page doesn't exist, it redirects to the login page instead of a 404 page not found. Environment Liferay DXP [all versions]...
Error "Invalid site key" when using reCAPTCHA v3
legacy Troubleshooting
Issue When configuring reCAPTCHA v3 and testing it on the "Forgot Password" page, the following error message is reported: "ERROR for site owner: Invalid site key". Environment Liferay DXP 7.2+ Resolution Liferay...
Error: Only known users are allowed to sign in using OpenID Connect.
legacy Troubleshooting
Issue You might encounter an error when using OpenID Connect, and users who are not yet been registered to Liferay are unable to login as they are identified as strangers. The error appears as the...
Log messages for Stored XSS vulnerabilities
legacy Troubleshooting
Issue We would like to know whether there are any strings to search for in log files, to check if any of the following vulnerabilities have been exploited in our environment? LSV-1237 / CVE-2023-42628 LSV-1236 /...
Security Vulnerability CVE-2023-28708
legacy How To
Issue This security vulnerability (CVE-2023-28708) has been reported, and it is fixed in Tomcat 9.0.72. However, our current Liferay DXP 7.3 SP1 has a 9.0.40 Tomcat version. Environment Liferay DXP 7.3 Resolution...
Access-control-allow-origin CORS Header not honoring System setting Configuration
legacy
Issue When configuring CORS headers in System Settings we are seeing that access-control-allow-origin header doesn't always have the configured value. Environment Liferay DXP 7.4 Resolution According to the...
Security Managers, Vul ID: V-222936 STIG 
legacy
Issue Vul ID: V-222936 STIG is flagged when Java Security Managers are not enabled. It states that "The Java Security Manager must be enabled." Environment  DXP 7.1 Resolution Liferay DXP does not currently support...
Duplicate user errors when setting up a SAML Authentication to replace an existing Token-Based SSO
legacy Troubleshooting
Issue When trying to set up a SAML authentication to replace existing Token-Based SSO, there are errors that populate stating that the user and/or email address is already in use.  A user with company 1xxxx and email...
Can I integrate an additional Captcha Engine?
legacy
Issue Currently, Liferay offers 2 Captcha Engines out of the box: Simple Captcha and Google reCaptcha 2 We would like to use another Captcha service.   Environment Liferay DXP 7.4   Resolution At the moment it is not...
Malware detected in Liferay Bundle - eicar.jpg
legacy
Issue We were notified of a possible malware infection. The location is my extracted source code of a Liferay DXP bundle. The file in question is eicar.jpg Environment Liferay DXP 7.4 Resolution EICAR files can...
The Liferay is vulnerable to the CVE-2023-4863?
legacy
Issue How can I mitigate vulnerability with CVE-2023-4863 regarding Liferay DXP? Environment All environments. Resolution Liferay does not use the libwebp library, so are not vulnerable to CVE-2023-4863. ...
Is Liferay vulnerable to CVE-2023-33946
legacy Troubleshooting
Issue I would like to know if Liferay is vulnerable to CVE-2023-33946? Environment Liferay DXP 7.4 U1-U48 Resolution Yes, the Liferay is vulnerable to this CVE, the resolution is update to Liferay 7.4 U49 (or...
Does Apache Log4j Vulnerability CVE-2021-44832 affect Liferay ?
legacy Troubleshooting
Issue The Liferay uses the log4j-core Library which was reported to have a vulnerability. Environment Liferay DXP 7.1 Liferay DXP 7.2 until fix-pack 16 Liferay DXP 7.3 until SP3 Resolution Yes, the Liferay is...
Vulnerability issues related to the EJS version in Fragments Toolkit
legacy Troubleshooting
Issue Vulnerability issues (ejs template injection vulnerability) were reported related to the EJS version inside the yarn.lock file while building fragments using the fragments toolkit. The EJS version is...
Setting sameSite attribute in Cookie for header response on JBoss EAP 7.2
legacy How To
Issue How to add the sameSite attribute as 'Strict' on the cookies JSESSIONID,COOKIE_SUPPORT,GUEST_LANGUAGE_ID on JBoss EAP 7.2 Environment Liferay DXP 7.4 JBoss EAP 7.2 Resolution In JBoss, navigate...
p_auth token missing from GET request
legacy
Issue After enabling CSRF Tokens, a p_auth token is appended to URLs, as expected. However, we noticed that if we manually remove this from the end of a URL and hit enter, we are still able to access the page,...
After enabling LDAP authentication, administrator users who do not exist in LDAP can log in
legacy
Issue We have enabled LDAP authentication, checking it as required and we have unchecked Ignore User Search Filter for Authentication. With this configuration applied the administrator users can login even if...
Requests to Liferay with an invalid HOST request HTTP header returns the default site
legacy Troubleshooting
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue Requests to Liferay with an invalid HOST request...
LDAP Related Queries
legacy
Issue If the password is changed in the Active Directory, the user will still be able to log in to DXP? If we delete the user from Active Directory, the user will still be able to log in to DXP? How to import/ export...
High CPU utilisation while using script to login users continuously
legacy Troubleshooting
Issue Facing high CPU utilization while logging-in high number of users per minute continuously (24x7) using username-password authentication, mostly while fetching data using some scripts. Environment Liferay DXP...
AntiSamy sanitizer cleans some of the HTML tags and styles, how can we solve that?
legacy Troubleshooting
Issue We turned on AntiSamy but it removes certain HTML code and CSS styles from our Web Content articles. Environment DXP 7.0+ Resolution Usage of HTML and CSS in Web Content article HTML fields Web content articles...
ORA-12899 because OpenID access token is too large
legacy
Issue We store several things in our OpenID access token and when a user tries to log in, it fails because the token size exceeds the 3000-character limit specified in the ACCESSTOKEN column of the...
How is AntiSamy configured?
legacy
Issue We configured AntiSamy to santize Web Content articles. We would like to understand how AntiSamy works and what parts are expected to be removed in Web Content articles. Environment DXP 7.0+ Resolution In the...
Can Liferay Support SP and IDP initiated SAML Simultaneously?
legacy
Issue Our team is the design phase for authentication and we want to know if Liferay supports IDP and SP initiated SAML logins at the same time?  Environment DXP 7.4 Resolution No, a single instance should not be both...
Force Authentication in SAML requiring reauthentication in SP
legacy How To
Issue With SAML and Force Authentication enabled, I am required to reauthenticate requests from the SP Environment DXP 7.3, 7.4 Resolution This behavior is intended, but to avoid manual reauthentication in this...
Captcha authentication via Headless API
legacy
Issue We have developed a Liferay fragment to collect user input via a custom-designed HTML form. This fragment interacts with custom Liferay objects through a Headless API using JS We have created a new role with the...
How long does the content remain in the CDN cache?
legacy
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue What is the policy for cleaning and updating content...
Is there a way identify When was the user Deactivated and by Whom?
legacy How To
Issue Is there a possible way to find out when was the exact date the Liferay user was deactivated and by whom? Environment Liferay DXP 7.3 Liferay DXP 7.4 Resolution Please run the attached Groovy script to get a...
CSP headers are not working on DXP-7.4
legacy Troubleshooting
Issue Trying to attempt to work with the CSP feature, which is present in update 90 under feature flags, but users are still experiencing issues where they are unable to edit the page and it is continuously...
How to implement a token system instead of using credentials to access remote services
legacy How To
Issue Trying to write a custom remote service using Liferay (ServiceImpl file), so which method may be used to authenticate using a token rather than credentials? Environment Liferay DXP 7.4 Resolution Liferay has...
Is There A Way To Verify ClamAV Integration With Liferay?
legacy Troubleshooting
Issue We followed the instructions below to enable document virus scanning, but we do not see any way to confirm the ClamAV integration was successful or that file scans are occurring when new files are uploaded to...
How can I access OpenIdConnectProvider classes in 7.4 U34+?
legacy How To
Issue The Liferay classes com.liferay.portal.security.sso.openid.connect.OpenIdConnectProvider; and com.liferay.portal.security.sso.openid.connect.OpenIdConnectProviderRegistry; were removed in U34+...
Security Issue Concerning Google Guava Versions 1.0 to 32
legacy How To
Issue There is a present vulnerability with Google Guava that affects the versions from 1.0 to 31.1. Liferay is currently bundled with Guava. It has been reported that...
User enumeration attack via response time
legacy Troubleshooting
Issue It is possible to determine if an email address is valid or not (i.e., user enumeration) by comparing the request's response time. This can be done by checking the browser's network tab and comparing...