Search Results

CVE-2021-27568 json-smart v2 through v2.4
Issue Steps to Reproduce: The json-smart.jar's can be found here: osgi/marketplace/Liferay%20Forms%20and%20Workflow%20-%20Liferay%20Dynamic%20Data%20Mapping%20-%20Impl.lpkg/com.liferay.dynamic.data.mapping.data.provider.impl-3.0.17.jar/lib/json-smart-2.2.1.jar...
How to Configure Liferay DXP with Multiple IdPs (OKTA via SAML and OIDC)
This article documents the way to configure Liferay DXP 7.x as a Service Provider working with two SSO protocols (Okta using SAML 2.0 and Google OpenID Connect). The basic configuration can be achieved within Liferay out of the box, but extra custom code is required to make it fully...
How to kill the session on browser (tab or window) close?
Issue The user session should be terminated immediately if they close the browser tab or window. Environment DXP 7.0 + Resolution Liferay maintains the session of 30 minutes by default and Liferay doesn't provide any such kind of OOTB feature or property to fulfill the business-specific...
Reset Connection option is missing on the License page in DXP 7.3
Issue The reset connection option is missing on the License page in DXP 7.3, although it is available in previous releases. Environment Liferay DXP 7.3 GA1 Resolution This is a known limitation of the product that might be resolved in future versions of Liferay. In order to resolve the...
Disable password verification for SSO users
Issue When changing the screen name or email address of a user, the portal now requires a password verification. This was not a requirement for previous versions of Liferay. Environment DXP 7.3+ Resolution This is a change implemented under LPS-112726 to address security concerns....
I cannot create new Virtual Instance with error Screen name must not be null
Issue When I try to create a new Virtual Instance, the portal displays the error "Your request failed to complete". The portal log shows the following error: ERROR [default task-29][EditInstanceMVCActionCommand:121]...
Importing LDAP settings through osgi/config files does not import password
Issue LDAP settings can be imported into the Liferay environment using osgi/config files These settings are imported into System Settings, and can then be configured for an individual instance in Instance Settings When adding a LDAP server in Instance Settings, the password field is not...
Content-Security-Policy Header Integration
Issue How can a CSP (content security policy) HTTP header that enables only specific external resources to be loaded in the frontend be implemented? Environment Liferay DXP 7.2 Resolution CSP is not currently supported by Liferay at the product level. Liferay DXP and its predecessor,...
HTTP Strict Transport Security (HSTS) Header Not Used
Issue The HSTS header cannot completely defend against man-in-the-middle attacks. However, it can be useful in defending against an attack in which an attacker establishes an encrypted connection to the application and presents an unencrypted fraudulent service to the user. This is...
Verbose Error Messages
Issue The name of the technologies used, such as Apache Coyote, Tomcat, etc. are visible. Environment Liferay DXP 7.2, DXP 7.3 Resolution  Each application is responsible for allowing its information to be displayed but not Liferay. We can definitely restrict the Verbose related to...
Known Vulnerabilities with Liferay AntiSamy
The following issue may compromise the security of your Liferay Digital Experience Platform implementation.  Vulnerability Information The Liferay AntiSamy app depends on third party libraries that have known vulnerabilities. Affected Products Liferay AntiSamy 2.0.x (for Liferay Portal...
Avoid or allow that some applications can be dynamically displayed in a page
Issue The permissions system for an application (portlet) includes a security check when the application is going to be displayed in a page. Normally, users should not be able to see applications if the administrator has not previously configured or added them to that page. It is feasible to...
Replacing NTLM SSO with Kerberos in Liferay Portal 6.2
Issue The NTLM SSO protocol has some vulnerabilities addressed by Microsoft in CVE-2020-1472 (external link), forcing the use of the secure RPC connection. See also How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (external link). It's not possible...
Unable to upload file bigger than 10MB with ClamAVSizeLimitException after enabling Antivirus
Issue Unable to upload a file bigger than 10MB after enabling antivirus with the following error in the log 2021-07-19 08:35:43.476 ERROR [http-nio-8080-exec-9][PortletServlet:119] javax.portlet.PortletException: fi.solita.clamav.ClamAVSizeLimitException: Clamd size limit exceeded. Full...
Known Vulnerabilities with Liferay Fjord Theme and 1975 London Theme
The following issue may compromise the security of your Liferay Digital Experience Platform implementation.  Vulnerability Information The Liferay Fjord Theme and Liferay 1975 London Theme depend on third party libraries that have known vulnerabilities. These vulnerabilities affect the...
How can we get a complete picture of a user's activity history?
Issue Is there a way to find out how and by whom a user was created? Environment Liferay DXP 7.2 Resolution The steps below can be used to track user activity. Log in by 'Test' user (Admin User) Create a new user (Name: user1 u1, Screen Name: user1) and assign Administrator Role to it....
How to set up a Mail Server with DXP to receive email notifications?
Issue This article outlines how to set up a Mail Server and SMTP in Liferay DXP to receive emails. Environment Liferay DXP 7.3 Resolution Liferay DXP uses a mail server and SMTP to get email notifications. Liferay DXP’s built-in mail session is the easiest way to configure mail and it’s...
NTLM and NTLMv2 in Liferay Portal 6.2
Issue The question is whether Liferay Portal 6.2 supports NTLM and NTLMv2 Environment Liferay Portal 6.2 Resolution The library used in Liferay Portal 6.2 supports both NTLM and NTLMv2 There is a property that can be set in portal-ext.properties to control the LMCompatibility in the...
Session Management in Liferay
Issue How are sessions managed in Liferay, and what are the different ways to configure them? Also, does the Liferay session work for JavaScript-disabled browsers? Environment Liferay DXP 7.1 Resolution How sessions are managed in Liferay Application server will manage...
Is functionality impacted when upgrading to Bootstrap 5 in portal 6.2 ? Is it supported ?
Issue Requirement is to upgrade the Bootstrap library.  Is functionality impacted when upgrading to Bootstrap 5 in portal 6.2 ?  Is Liferay portal 6.2 compatible with Bootstrap 5? Is it supported ? Environment Liferay portal 6.2 Resolution Note: Please choose to follow unofficial...
Forgot Password is not popped up with an error when providing an email address that doesn't exist in the DB
Issue In the 'Forgot Password' option, when an email address that doesn't exist in the database is provided, the user can still proceed to answer the security question, and no error is shown saying the user's email address does not exist. Also, in this case, the security question...
Is there a way to allow upper cases in a screen name?
Issue Is there any way to ensure that a user's screen name maintains the same capitalization that is present in the AD (Active Directory) when the user is imported into Liferay? Environment Liferay DXP 7.2 Resolution In DXP, there is no out-of-the-box functionality to support capital...
Any user who has not securely logged out will have their session terminated?
Issue Terminating the session of any user who has not properly logged out, for example, who has unexpectedly closed the transaction window, etc. This user does not have to wait for the default time-out to be established before being able to log in again Environment Liferay 6.2 Resolution...
Password verification needed at time of changing user screen name & email address
Issue Password verification is required whenever a user needs to update its screen name or email address Environment Liferay DXP 7.3 Resolution A feature request has been already created in order to add a toggle for enabling & disabling this password verification feature. Although the...
When Setting Okta up as an SSO for Liferay PaaS, how can I generate IdP metadata in Okta without first having SP metadata?
Note: Liferay has renamed its Liferay Experience Cloud offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue The documentation for setting up an SSO with Liferay PaaS instructs clients to provide IdP metadata to the Liferay Cloud team before...
Does the Encryption Key that is generated per company id for the Liferay Installation ever change?
Issue Does the Encryption Key that is generated per company id for the Liferay Installation ever change? Environment Liferay 7.2 Resolution The following portal properties will alter the encryption key for a Liferay installation: # # Set this to the appropriate encryption algorithm to be...
How to create Custom attribute in MS Active Directory and configure in Liferay
Issue Is there any way to map a custom attribute in Liferay created from MS Active Directory? Environment Liferay Portal 6.2 Resolution Liferay provides an OOTB option to achieve the custom attribute mapping. # # When importing and exporting users, the portal will use this mapping to #...
Externalize Session Management
Issue  The session details should be stored in a centralized server so that it is shared with all the available nodes. Environment Liferay Portal 6.2 Resolution This is a specific business requirement that falls beyond the scope of Liferay support as this is something which is related to...
Disable Admin password reset email notifications
Issue The user should not receive the email notification for the password change. Environment Liferay DXP 7.0 Resolution The requirement is not available out of the box in Liferay. If you want to achieve this functionality, you can achieve it through customization.  Additional...
How to configure liferay to invoke web services with Digest Auth
Issue How to configure Liferay to invoke web services with Digest Auth and use it in a client. As an example, we'll use Postman. Environment Liferay DXP 7.1+ Resolution As an example, we are going to configure the access to http://localhost:8080/api/jsonws/company/get-companies method in...
OpenID Connect does not work with Azure AD B2C
Please note that this Fast Track applies to versions before our Quarterly Release 2024.Q1. From Quarterly Release 2024.Q1 on, this function is enabled as described in LPD-9397. Please refer to Using OpenID Connect for more information. Issue OpenId Connect (OIDC) authentication does not...
How do I add Captcha in Sign in Portlet?
Issue I would like to add Captcha in Sign in Portlet, as I can do in Create Account and Forgot Password options. Environment DXP 7.3 Resolution Unfortunately, there is no out-of-the-box feature to enable Captcha validation in the Sign in Portlet in the current version of Liferay....
How to Setup HTTPS on Tomcat for Liferay Portal 6.2 and DXP 7.0
Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these principles is the responsibility of the subscriber. This article will...
Post deployment of SAML plugin the SAML Admin page is blank
Issue After deploying the SAML plugin in the Liferay instance, the SAML admin page displayed blank. Below Stack trace occurs in the log at the time of performing the above actions. 2021-03-23 19:14:22.610 WARN [ajp-nio-8009-exec-5][PortalImpl:1030] Redirect...
Restrict guest users from accessing login page when attempting to access a protected page or resource
Issue By default, guest users are prompted to the login page when they are attempting to hit a url or access a resource that is protected and not available to guest users. I do not want guest users to be redirected to the login page.  Environment Liferay Portal  Liferay DXP Resolution...
What difference is there between System Setting and Instance Setting LDAP configurations?
Issue There are two locations within Liferay DXP where LDAP configurations can be set. One is the System Settings (Control Panel -> Configuration -> System Settings -> Security -> LDAP) and the other the Instance Settings (Control Panel -> Configuration -> Instance Settings -> Security...
How do I Add More Than One Field To the Custom Mapping Sections in My 7.0 LDAP Setup?
Issue I would like to add multiple fields to the custom mappings section in my LDAP setup. Environment DXP 7.0 Resolution During LDAP setup, navigate to Control Panel > Configuration > Instance Settings, in the Configuration tab scroll down to Authentication > LDAP and select the Add...
New Virtual Instance cannot be created if "passwords.default.policy.check.syntax=" is set to true
Issue If I set passwords.default.policy.check.syntax=true in my portal-ext.properties file, I cannot create a New Virtual Instance I get an error in the logs: ERROR [ajp-nio-127.0.0.1-8009-exec-34][EditInstanceMVCActionCommand:121]...
Users without Admin role cannot initiate SSO on the SP when using expando fields
Issue When using expando field as "Name Identifier Attribute Name=expando:concurid", user without Administrator role can not initiate SSO. Steps to reproduce: On IdP end Add a custom field 'field1' for user.  Go to SAML Admin > Service Provider Connections, make sure the "Name Identifier...
How to resolve "User 'x' must have 'y' permission" errors encountered while performing staging publication processes
Issue Our team would like our staging managers to not be administrators, so we are only providing them with select permissions. However, publication attempts encounter errors such as:  ERROR [liferay/background_task-1][EventRemotePropagatorExportImportLifecycleListener:222] Unable to...

Results: 361 - 400 of 627