Search Results

All Results 435
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Not Found page seen instead of Login Prompt when logged out and navigating to private pages
legacy How To
Issue When not logged in, and user attempts to navigate to private page's URL, instead of being prompted to log in, a 'Not Found' page is seen instead. Environment DXP 7.4 Resolution In DXP 7.3, when users are not logged...
Users Fail to Import When First Name is Missing in LDAP
legacy
 This article discusses an apparent issue when Liferay Portal will throw a ContactFirstNameException error in the console. This error message appears when the first name is left out if importing a user from an LDAP...
How to configure HTTPS in Tomcat for Liferay DXP 7.3
legacy How To
Introduction Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding...
Using Shibboleth 3 as IdP + SAML Integration
legacy How To
Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these...
LDAP Authentication and User Import/Export
legacy
This article provides an overview of LDAP integration with Liferay DXP 7.0. This content on authentication, user Import/Export, configurations, upgrade considerations and what has changed from previous Liferay...
Configuring Cookies' httpOnly Status
legacy How To
Description By default, the Liferay platform sets all of its cookies to httpOnly true in its portal.properties file (Liferay 6.2 and earlier) or in its system.properties (starting with Liferay 7.0) files. # #...
FAQ for LDAP on Liferay DXP
legacy
This document has been updated and ported to Liferay Learn and is no longer maintained here. This article documents some of the most frequently asked questions regarding the use of Lightweight Directory Access Protocol...
Possible LDAP NullPointerExceptions
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When...
Configuring reCAPTCHA v2 in Liferay Portal 6.2 EE
legacy How To
This article outlines how to configure reCAPTCHA version 2 in Liferay Portal 6.2.  Google is sunsetting reCAPTCHA v1 and as of March 2018 all v1 API calls will no longer work. In response to this "End of Life"...
Customer and Deployment Impact of Disabling TLS 1.0 for Inbound Traffic on Liferay Services
legacy
Due to vulnerabilities in the Transport Layer Security v1.0, Liferay has disabled TLS 1.0 for inbound secure connections on all systems and services on January 11, 2019. We previously announced in November 2018 that...
NTLM Browser Support
legacy
Affected Versions Liferay DXP 7.1 Liferay DXP 7.0 Liferay Portal 6.2 EE Liferay Portal 6.1 EE Integrating NTLM with Liferay products should only be done with Internet Explorer for...
AntiSamy Portlet Removes HTML Target Attributes
legacy How To
The AntiSamy portlet is meant to prevent XSS type attacks. One side effect however is that if an HTML target is used, then the portlet will remove it upon publishing the content. Steps to Reproduce Create Web...
Authentication Error When Logging In With Google Account
legacy Troubleshooting
This article documents an authentication error when attempting to log in to the portal instance using a google account. Listed below are the steps to resolve the issue or avoid it altogether. Resolution Error:...
Setup Guide for Liferay and WSO2 Identity Server SAML Integration
legacy How To
This guide shows you how to integrate Liferay Portal with WSO2's Identity Server. These are the basic settings with the goal of setting the user on the right track. Resolution Install,...
Is it possible to add additional columns to the CSV Log Message Formatter system setting?
legacy
Issue While looking into configuring CSV Log Auditing for an environment, our team noticed that the CSV Log Message Formatter system setting (within System Settings > Audit) has +/- buttons to add/remove columns. Is...
HttpOnly flag in JSESSIONID cookie using JBOSS application server
legacy Troubleshooting
Issue JSESSIONID cookie does not contain the HttpOnly flag. Environment Liferay Portal 6.2 JBOSS Resolution You need to change it on your application server configuration, in the...
Detected Vulnerabilities related to Struts
legacy
Issue A security scan has picked up the following vulnerabilities related to struts-core:  CVE-2012-1007, CVE-2014-0112 CVE-2014-0112: ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict...
Errors Suggesting a Search Bot Attack
legacy Troubleshooting
Issue We are seeing many abnormal errors in our Liferay catalina logs all of sudden. We have tried restarting, but the errors continue. What could these mean? ERROR [ajp-nio-0.0.0.0-8009-exec-19][MVCPortlet:557]...
Unable to bind to the LDAP server javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
legacy Troubleshooting
Issue Unable to connect to Open LDAP in DXP due to the following UI error Environment Liferay DXP 7.4 Resolution These errors typically occur when Liferay is unable to communicate with LDAP or when mapping mistakes...
How to set SameSite cookie attribute to Strict within Tomcat
How To
Issue How can I adjust the JSESSIONID cookie's SameSite attribute from None to Strict? Environment Liferay DXP 7.1 - 7.4 Resolution The JSessionID cookie's attributes are set by your application server or web...
How to update moment.js library
legacy Troubleshooting
Issue For security reasons we need to update the moment.js library from version 2.24.0 to version 2.29.4 How do I update the moment.js library in Liferay DXP? Security vulnerabilities in moment.js 2.24.0:...
SQL injection Sleepy user agent attack
legacy
Issue Liferay does not restrict a URL that has a 'sleepy user agent' query appended to it like: https://domain/page?1%2b(select*from(select(sleep(x)))a)%2b=1 Environment Liferay DXP 7.4 Resolution Sleepy user agent...
Disabling jQuery in Control Panel
legacy How To
Issue I've found vulnerabilities in our current jQuery version. Since I can't find jQuery used anywhere, I would like to disable it. Environment Liferay DXP 7.2 Resolution Go to Control Panel --> System Settings -->...
I am redirected to the home guest page after login with SAML
legacy Troubleshooting
Issue After logging in with SAML, I am redirected to the Home Page of a non-logged-in user. I am redirected back to the Portal login screen after login with SAML Environment Portal 6.2 DXP 7.0+ Resolution This can be...
Blank screen is seen after password reset
legacy Troubleshooting
Issue A blank screen (with url http://localhost:8080/c) is seen after user password is reset. The expected behavior after password reset is for users to A) be successfully redirected to Liferay home page and B) remain...
Can Liferay be affected by the IceApple framework?
legacy
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue CrowdStrike’s Falcon Overwatch has discovered a...
COOKIE_SUPPORT & GUEST_LANGUAGE_ID are not marked as Secure
legacy
Issue There are two cookies generated by Liferay DXP, COOKIE_SUPPORT & GUEST_LANGUAGE_ID, which is not marked as Secure. Environment Liferay DXP 7.1 + JBoss  Resolution This is related to the Web Server and Application...
Configuration of NTLMv2 with Liferay
legacy
Issue How to configure NTLMv2 in Liferay as there is no configuration available in Liferay control panel to differentiate the request/service Environment Liferay 6.x Liferay 7.0 and Liferay 7.1 Resolution...
User should be re-directed to the login page once the session expires
legacy How To
Issue Once the session expires, users remain on the same page on which they were already there until and unless they click on somewhere, then it redirects to the login page. Environment Liferay DXP 7.0 Resolution If...
Liferay Security Development Overview
legacy
This paper provides an overview of the processes used during development and testing of Liferay products. Combined, these processes ensure that Liferay’s customers can have confidence in the security and ongoing...
Troubleshooting SAML Single Log Out when SLO fails
legacy Troubleshooting
Issue User is not logged out from Liferay SAML when the instance has expired. Liferay Session Timeout is set to 30 minutes and SAML Session is to 90 minutes. When SLO is triggered, the user is still signed in....
Known Issue: Browser Ignores Disabled Autocomplete Property for Saving User Login Information
legacy
Issue After setting company.security.login.form.autocomplete=false to disable autocomplete for user login information, the browser still permits users to save passwords or use password managers to manage password...
Known Issue: Security Scan Shows Liferay as a Potential Sharepoint Vulnerability - False Positive
legacy Troubleshooting
Issue There may be some instances where a security scan shows Liferay having a potential Sharepoint endpoint vulnerability. Specifically, the security scan's warning may be related to the /_vti_inf.html file. This is...
Existing users in Liferay can not login through SAML with "Screen name x must not be duplicate ..." error
legacy Troubleshooting
Issue If the user exists in Liferay (service provider), the user cannot log in through SAML due to duplicate screenname ERROR. 2019-04-23 04:29:45.758 ERROR [http-nio-18080-exec-7][BaseSamlStrutsAction:58] Screen name ccc...
Why does our internal server address appear when users authenticate against our SSO?
legacy
Issue When a user authenticates against an SSO they are redirected to the server they were logging into. As part of this both the SSO address and the server address appear in the URL for a brief time. This occurs...
AWS S3 Signature Version 2 Discontinued
legacy How To
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
Unable to process SAML SSO request
legacy Troubleshooting
Issue After configuring SAML SSO successfully, the user is unable to perform login and getting the following error in UI and Server console. UI Error:  "Unable to process SAML request" Server Console: ...
Security Statement on CVE-2019-11444: Disputed Groovy Script console vulnerability
legacy
Recently, a security vulnerability was filed in Mitre under CVE-2019-11444 arguing that attackers could allegedly use Liferay's Groovy script console to execute OS commands. Liferay disputes this issue because this is...
Data Protection for Liferay Services and Software
legacy
This whitepaper describes the data protection policies of Liferay DXP and describes Liferay's approach to protect personal data in compliance with local regulatory requirements such as GDPR. The paper is available for...
Liferay DXP Application Security Features
legacy
This document provides an overview of application-level security features in Liferay DXP. It discusses transport security, encryption, web services, SSO, OAuth, and more.  The paper is available for download here.,...