Search Results

Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue AWS S3 signature version 2 is scheduled to be discontinued, will this...

Issue There are two cookies generated by Liferay DXP, COOKIE_SUPPORT & GUEST_LANGUAGE_ID, which is not marked as Secure. Environment Liferay DXP 7.1 + JBoss  Resolution This is related to the Web Server and Application Server settings. When a request comes from a secure channel (e.g.,...

Issue How to configure NTLMv2 in Liferay as there is no configuration available in Liferay control panel to differentiate the request/service Environment Liferay 6.x Liferay 7.0 and Liferay 7.1 Resolution Liferay has provided the option 'NTLM' (under Control Panel -> Configuration ->...

Issue Once the session expires, users remain on the same page on which they were already there until and unless they click on somewhere, then it redirects to the login page. Environment Liferay DXP 7.0 Resolution If you want the user to directly go to the login page on the session...

Recently, a security vulnerability was filed in Mitre under CVE-2019-11444 arguing that attackers could allegedly use Liferay's Groovy script console to execute OS commands. Liferay disputes this issue because this is an expected feature where script execution is restricted to those with...

This whitepaper describes the data protection policies of Liferay DXP and describes Liferay's approach to protect personal data in compliance with local regulatory requirements such as GDPR. The paper is available for download here., content:...

This document provides an overview of application-level security features in Liferay DXP. It discusses transport security, encryption, web services, SSO, OAuth, and more.  The paper is available for download here., content:...

This paper provides an overview of the processes used during development and testing of Liferay products. Combined, these processes ensure that Liferay’s customers can have confidence in the security and ongoing reliability of Liferay products, including Liferay DXP. The paper is...

Issue User is not logged out from Liferay SAML when the instance has expired. Liferay Session Timeout is set to 30 minutes and SAML Session is to 90 minutes. When SLO is triggered, the user is still signed in. Environment Liferay DXP 7.0, 7.1 Liferay Portal 6.2 Resolution SAML Session...

Issue After setting company.security.login.form.autocomplete=false to disable autocomplete for user login information, the browser still permits users to save passwords or use password managers to manage password autocomplete or autofill. Resolution This is due to a lack of consensus...

Issue There may be some instances where a security scan shows Liferay having a potential Sharepoint endpoint vulnerability. Specifically, the security scan's warning may be related to the /_vti_inf.html file. This is actually a false-positive considering Liferay is not a Sharepoint...

Issue If the user exists in Liferay (service provider), the user cannot log in through SAML due to duplicate screenname ERROR. 2019-04-23 04:29:45.758 ERROR [http-nio-18080-exec-7][BaseSamlStrutsAction:58] Screen name ccc must not be duplicate but is already used by user 34863 After...

Issue When a user authenticates against an SSO they are redirected to the server they were logging into. As part of this both the SSO address and the server address appear in the URL for a brief time. This occurs despite there being a web server/load balancer/proxy in front of the...

Issue LFR_SESSION_STATE cookies are not marked as HttpOnly Environment Liferay DXP, Liferay 6.2 Resolution This is not a security issue because this cookie is created and used in session.js which is the portal's Javascript.  _cookieKey: 'LFR_SESSION_STATE_' + themeDisplay.getUserId()...

Issue When importing users to Liferay DXP from LDAP, they are not being assigned the roles I want them to have from my LDAP server. Environment Liferay DXP LDAP Resolution In Liferay DXP, Users are imported from LDAP by Group In Liferay, create a User Group in Liferay with the same name...

Issue In the Liferay theme dependencies, Lodash versions 3.10.1 and below are used extensively as dependencies throughout. Versions of Lodash prior to 4.17.5 suffer from a security risk: CVE-2018-3721 Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay Theme Generator Resolution Impact...

Issue This article documents how to generate a SAML metadata XML file that also has HTTPS enabled. Environment Liferay Portal 6.2, DXP 7.0, DXP 7.1 Any web server  Resolution In order to generate a SAML metadata.xml file that has HTTPS enabled, the following steps are necessary: Generate...

Issue When a Liferay DXP bundle is configured to communicate with two or more LDAP servers there can be issues with user importing and users logging in. Example: If Liferay DXP is communicating with two LDAP servers, and each of those servers has a user with a screenname of jsmith, then...

Issue This article documents a product limitation and a possible workaround for importing a user whose email address was updated in LDAP into a Liferay DXP instance. Environment Liferay DXP  LDAP server Resolution This is actually a limitation and intended behavior. By default, Liferay...

Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these principles is the responsibility of the subscriber. This article documents a...

Issue Disable the ability to add JavaScript to pages on DXP 7.0 and thus prevent malicious code injections. Environment  DXP 7.0 Fix Pack 60+ This functionality was introduced in DXP 7.0 Fix Pack 60 Resolution Install DXP 7.0 Fix Pack 60 or higher. In the portal-ext.properties, add the...

Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Event/Use Case I downloaded the "Liferay Connector to SAML 2.0" from...

Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these principles is the responsibility of the subscriber. This article documents a...

 This article discusses an apparent issue when Liferay Portal will throw a ContactFirstNameException error in the console. This error message appears when the first name is left out if importing a user from an LDAP server. Resolution This behavior is intended for Liferay Portal. Liferay...

This article provides an overview of LDAP integration with Liferay DXP 7.0. This content on authentication, user Import/Export, configurations, upgrade considerations and what has changed from previous Liferay Portal versions, is intended to help readers successfully integrate LDAP with...

Description By default, the Liferay platform sets all of its cookies to httpOnly true in its portal.properties file (Liferay 6.2 and earlier) or in its system.properties (starting with Liferay 7.0) files. # # HTTP only cookies are not supposed to be exposed to client-side scripting #...

Introduction Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these principles is the responsibility of the subscriber. This...

This document has been updated and ported to Liferay Learn and is no longer maintained here. This article documents some of the most frequently asked questions regarding the use of Lightweight Directory Access Protocol (LDAP) to manage users in Liferay DXP. Specifically, the aim of this...

This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When setting up LDAP in the portal-ext.properties, NullPointerException errors may be thrown if settings are not...

This article outlines how to configure reCAPTCHA version 2 in Liferay Portal 6.2.  Google is sunsetting reCAPTCHA v1 and as of March 2018 all v1 API calls will no longer work. In response to this "End of Life" announcement, Liferay Portal 6.2 EE has been updated in LPS-55941 (LPE-16253)...

Affected Versions Liferay DXP 7.1 Liferay DXP 7.0 Liferay Portal 6.2 EE Liferay Portal 6.1 EE Integrating NTLM with Liferay products should only be done with Internet Explorer for these affected versions due to security vulnerabilities. Microsoft has not made any updates to NTLM with the...

Due to vulnerabilities in the Transport Layer Security v1.0, Liferay has disabled TLS 1.0 for inbound secure connections on all systems and services on January 11, 2019. We previously announced in November 2018 that Liferay will be disabling TLS 1.0 for inbound secure connections on all...

This article documents an authentication error when attempting to log in to the portal instance using a google account. Listed below are the steps to resolve the issue or avoid it altogether. Resolution Error: redirect_uri_mismatch Summary: After the user has been authenticated with...

The AntiSamy portlet is meant to prevent XSS type attacks. One side effect however is that if an HTML target is used, then the portlet will remove it upon publishing the content. Steps to Reproduce Create Web Content Embed a link with a target of _blank For example:link2 Publish the...

This guide shows you how to integrate Liferay Portal with WSO2's Identity Server. These are the basic settings with the goal of setting the user on the right track. Resolution Install, Start and Setup WSO2 Download the binary package here: WSO2 Identity Server. You will need to register...

This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When signing into Liferay portal through the use of LDAP and NTLM, if the user credentials are not already...

This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. With "liferay-fix-pack-plugin-deployment-1-6120.zip" installed an error occurs while trying to access...

SAML communication occurs via request and response packets between an identity provider and a service provider. This article addresses how to provide user data within the response packets. The configuration will be done through portal-ext.properties. Affected Products Liferay Connector...

This article is regarding a performance issue that may surface when executing an LDAP import using the UserGroup method for a large amount of users. Specifically, the issue is that the import process could take longer than expected. The cause of this issue is that the SQL query ("SELECT...

Liferay will support our API and resolve any issues and answer any questions having to do with the API itself or any other part of Liferay's software. Issues and questions regarding custom development may be handled by our Global Services team or by the developer of those customizations....