Search Results

Issue The following headers are missing in Liferay: Missing ”X-Content-Type-Options” header  Missing ”X-XSS Protection” header  Missing ”X-Frame-Options” header Missing ”Content-Security-Policy” header Missing ”Strict-Transport-Security” header  Missing cross-origin resource...

Issue How to disable/stop using DES as it possesses Security Threat.  Environment Liferay DXP 7.0 Resolution Encryption keys can be used at Liferay end are:  # For more details about encryption keys, see the Java Cryptography     # Extension documentation.     #    ...

Issue We would like to remotely configure SAML and/or LDAP authentication using Liferay APIs. Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Resolution Neither SAML or LDAP APIs are publicly exposed so it is not possible to remotely configure them via APIs. Additional...

Issue Configuring Liferay to display CAPTCHA's with numbers only instead of alphanumeric characters. Environment This issue affects Liferay 7.2 Resolution While the default CAPTCHAs in Liferay generated by SimpleCaptcha contain alphanumeric combinations it is possible to configure them...

Issue Will Liferay DXP 7.1 support X-Frame-Options, X-XSS-Protection, X-Content-Type-Options headers? If yes, how to enable the same. Environment Liferay DXP 7.1 Resolution Liferay DXP 7.1 is already secured with the following headers and it is enabled by default. These values are found...

Issue Symptom: CVE-2016-3714 - Insufficient shell characters filtering leads to potentially remote-code-execution vulnerability in ImageMagick. Environment  ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1  Resolution Liferay does not endorse or support any specific third-party...

Issue What configuration is needed in Liferay so that the nested groups and the users are imported from AD? Environment DXP 7.2 DXP 7.1 DXP 7.0 Resolution Change the User attribute of the Group Mapping in the LDAP server configuration page to member:1.2.840.113556.1.4.1941:.   Additional...

Issue When any user logs into the portal, they see the user profile of another user instead of seeing their own profile. Environment Liferay DXP 7.0 Resolution There are usually two root causes for the reported behavior: 1. Session ID conflict, and 2. Incorrect cache configuration....

Issue Does Liferay's OpenID Connect implementation support Single Logout? Environment Liferay DXP 7.1/7.2 Resolution Liferay's current OpenID Connect (OIDC) integration only implements parts of the Final specifications, specifically "Core" and "Discovery". While single-logout (SLO)...

Issue One user's session is accessed by knowing the respective user's JSessionID. Steps for reference: 1) 2 users (say: User A and User B) 2) User "A" logs-in to the system 3) Now, user "A" has one Jession ID(0D13262EDECBA19E93D5A753FC34E03A) and shares his JSessionID to user "B" 4)...

Issue When SAML is enabled, logging out from "SITE A" is not redirecting/stays at the respective site's home page itself.  Environment Liferay DXP 7.1 SAML plugin Resolution The ideal scenario is authentication functions at the entire portal level and not at the site level due to which...

Issue Users who are present in LDAP are unable to perform login into Liferay and the below error was observed at the server console. ERROR [liferay/scheduler_dispatch-4][PortalLDAPImporterImpl:717] Unable to import user CN=abdulfar: null:null:{samaccountname=sAMAccountName: abdulfar}...

Issue Does Liferay DXP 7.1 support the following HTTP headers: "X-Frame-Options", "X-XSS-Protection" and "X-Content-Type-Options"? If not, what changes have to be done from the application side to enable the same Environment Liferay DXP 7.1 Resolution Liferay portal is already secured...

Issue Due to some security vulnerable in TLS v1.0, it should be upgraded to TLS v1.2.  1. Does Liferay DXP 7.1 support TLS v1.2? 2. If it supports, then how to use/upgrade the same in Liferay DXP 7.1? Environment Liferay DXP 7.1 Resolution Liferay 7.1 supports TLS v1.2 as it requires...

Issue Unable to import LDAP telephoneNumber (in Microsoft Active Directory) into Liferay Contact Information -> Phone Numbers on the Contact page. Environment Liferay DXP 7.1 Resolution Only attributes listed in ContactModel.java can be imported through LDAP "contact mapping". Since...

Issue When users are trying to access to portal using https protocol, portal is redirecting to http protocol and pages are not showed right. Https protocol was configured in load balancers and application servers but not in Liferay portal. Environment Liferay DXP 7.1 Application server:...

Issue Users are unable to login through NTML due to the following WARN: 2019-08-29 05:55:28.671 WARN [http-nio-8080-exec-5][Netlogon:104] Unable to authenticate user emma: Logon failure: unknown user name or bad password. Environment Liferay DXP 7.0 Liferay DXP 7.1 Resolution The error...

Issue When a user tries to log in to Liferay via Liferay's default Sign-In portlet, the user's password shows in the browser console as a plain text. Environment Liferay DXP 7.0-7.4 Resolution This is not a Liferay issue. When submitting the login credentials in the browser, the browser...

Issue We configured 2 Liferay Servers in my machine, one as Service Provider and the other as Identity Provider. We managed to perform the login through IdP. The issue happens when we try to logout the user in SP. Environment Liferay DXP 7.0, Liferay DXP 7.1 Resolution If IdP and SP use...

Issue After LPS-98420, there might be a mismatch between the real LDAP Import trigger time and Import Interval set on instance settings. For example: Set “System Settings -> LDAP -> Import Interval” to 2. Set “Instance Settings -> LDAP -> Import Interval” to 3. Expected Result: The...

Issue When invoking Liferay JSON Web Service to do the searching, you may encounter errors like the following: com.liferay.portal.kernel.dao.orm.ORMException: org.hibernate.exception.SQLGrammarException: could not execute query user lacks privilege or object not found:...

Issue If the LDAP is configured and when the LDAP users are trying to log in, authentication fails and started getting the following error in the server console. ERROR [liferay/scheduler_dispatch-4][PortalLDAPImporterImpl:717] Unable to import user CN=makansal:...

Issue After enabling the SAML, when the user is trying to log in, authentication failed with the following message in UI and in Server console. UI: "Unable to handle SAML Request" Server Console:  ERROR [http-nio-443-exec-81][BaseSamlStrutsAction:54]...

Issue Liferay has to authenticate the user through SAML as well as LDAP when SAML is enabled Environment Liferay Portal 6.2 Liferay DXP 7.0 Liferay DXP 7.1 Resolution Authenticating users from LDAP when the SAML is enabled is not currently available as an out of the box feature in...

Issue Users from LDAP are able to login with the value which is defined in "Default User Password" field under the LDAP import/export settings. Environment Liferay DXP 7.0 Resolution Liferay will allow the LDAP users to login using the defined value in the "Default User Password" field...

Issue I'm having issues reinstalling X-Pack Security How do I reinstall X-Pack Security? Environment DXP 7.2    DXP 7.1    DXP 7.0 + Fix Pack 54 onwards (de-54) Resolution To Install Add Liferay Connector to X-Pack Security [Elastic Stack 6.x].lpkg to deploy folder here:...

Issue p_auth token is not included in the resourceURL. Environment Liferay DXP Liferay 6.2 EE Resolution ResourceURLs (resource serving phase) was introduced in Portlet 2.0 to be able to serve resources (images, etc...) without having to reload the whole page. Therefore serveResource...

Issue Adjusting the Host header in the request can impact page rendering, redirections, and other server-side behaviors. This manipulation could potentially lead to Cross-Site Scripting (XSS) for example. Environment Liferay Quarterly Release and 7.4. Liferay DXP 7.0, 7.1, 7.2, 7.3...

Issue How can I reinstall x-pack security? Environment DXP 7.2    DXP 7.1    DXP 7.0 + Fix Pack 54 onward (de-54) Resolution When we uninstall X-Pack security, an entry is added to Bundle Blacklist at this location: Control Panel > Configuration > System Settings > Bundle Blacklist To...

Issue While the title of a document cannot contain a tag or script in the description section tags and scripts can be published. Environment Liferay DXP 7.0 Resolution The AntiSamy module filters on specific HTML/CSS fragments and removes suspect JavaScript code from them. This means...

Issue If we are using https protocol the related use cases are hard to proof on localhost Environment Liferay DXP 7.0 Liferay DXP 7.1 Use Firefox (Firefox is recommended, as Chrome does not allow self-signed certificates on localhost) Use Docker Use Nginx Resolution Download and...

Issue Oracle has issued a security alert for Oracle WebLogic wherein a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services has been detected. The following resource and information are obtained from Oracle's Tech Network, and is intended for subscribers...

Issue The current Liferay DXP portal properties file contains the following for the "check-auth-token" parameter: # # Set this to true to enable authentication token security checks. The # checks can be disabled for specific actions via the property # "auth.token.ignore.actions" or for...

Issue To prevent CSRF attacks, Liferay provides options to enable authentication token security checks. The current token is session-based token. Is request-based p_auth token supported? Environment Liferay DXP 7.1 Resolution Currently, the p_auth token is generated based on the user...

Issue After upgrading from 6.x to 7.x, the Password Reset Screen is no longer showing the "Please set a new password" description text. Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Resolution The "Please set a New Password" text has been removed intentionally (LPS-58716)...

Issue One of the methods to complete the verification process required to add a website to a Bing Webmaster Tools account is uploading a XML file to the root directory of the website and make it available on a specific URL.  Environment Liferay 6.2 Liferay DXP Resolution Upload the XML...

Issue When making changes under OAuth 2 Administration, such as generating a new client secret or editing Client ID, the Apply button may not respond when clicked. When viewing the browser console, you will see: Uncaught TypeError: component.simulate is not a function Environment Liferay...

Issue When intercepting the LDAP request using any third party tool(ex. Wireshark) password is visible as a plain text Environment Liferay 7.0 Resolution Enabling LDAP over SSL will transmit the credentials with encryption format in LDAP request i.e. ldaps://ipaddress:port Additional...

Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue In addition to updating the OpenSSL version on theweb server and AP...

Issue After configuring SAML SSO successfully, the user is unable to perform login and getting the following error in UI and Server console. UI Error:  "Unable to process SAML request" Server Console:  ERROR [http-nio-8080-exec-1][MandatoryAuthenticatedMessageRule:37] Inbound message...