Search Results

All Results 435
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Why does our internal server address appear when users authenticate against our SSO?
legacy
Issue When a user authenticates against an SSO they are redirected to the server they were logging into. As part of this both the SSO address and the server address appear in the URL for a brief time. This occurs...
Generating SAML Metadata with HTTPS
legacy How To
Issue This article documents how to generate a SAML metadata XML file that also has HTTPS enabled. Environment Liferay Portal 6.2, DXP 7.0, DXP 7.1 Any web server  Resolution In order to generate a SAML metadata.xml...
Updated Email Addresses in LDAP are not Imported to Liferay DXP 7.0
legacy How To
Issue This article documents a product limitation and a possible workaround for importing a user whose email address was updated in LDAP into a Liferay DXP instance. Environment Liferay DXP  LDAP server Resolution This...
User should be re-directed to the login page once the session expires
legacy How To
Issue Once the session expires, users remain on the same page on which they were already there until and unless they click on somewhere, then it redirects to the login page. Environment Liferay DXP 7.0 Resolution If...
Security Statement on CVE-2019-11444: Disputed Groovy Script console vulnerability
legacy
Recently, a security vulnerability was filed in Mitre under CVE-2019-11444 arguing that attackers could allegedly use Liferay's Groovy script console to execute OS commands. Liferay disputes this issue because this is...
LFR_SESSION_STATE cookies are not marked as HttpOnly
legacy
Issue LFR_SESSION_STATE cookies are not marked as HttpOnly Environment Liferay DXP, Liferay 6.2 Resolution This is not a security issue because this cookie is created and used in session.js which is the portal's Javascript. ...
How Can I Assign Roles to Users When Importing from LDAP?
legacy Troubleshooting
Issue When importing users to Liferay DXP from LDAP, they are not being assigned the roles I want them to have from my LDAP server. Environment Liferay DXP LDAP Resolution In Liferay DXP, Users are...
Lodash Security Vulnerability in Theme Dependencies
legacy
Issue In the Liferay theme dependencies, Lodash versions 3.10.1 and below are used extensively as dependencies throughout. Versions of Lodash prior to 4.17.5 suffer from a security risk: CVE-2018-3721...
Why are user accounts shared when I have multiple LDAP servers configured?
legacy Troubleshooting
Issue When a Liferay DXP bundle is configured to communicate with two or more LDAP servers there can be issues with user importing and users logging in. Example: If Liferay DXP is communicating with two LDAP...
Using MS ADFS & Liferay SAML Integration
legacy How To
Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these...
Remove the Ability to Add JavaScript in the Control Panel's Site Pages
legacy How To
Issue Disable the ability to add JavaScript to pages on DXP 7.0 and thus prevent malicious code injections. Environment  DXP 7.0 Fix Pack 60+ This functionality was introduced in DXP 7.0 Fix Pack 60 Resolution Install...
Deployment of SAML plugin does not display SAML admin screen
legacy Troubleshooting
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Event/Use...
Virtual LDAP Server Plugin Setup
legacy How To
The following article gives a basic use case for Liferay's Virtual LDAP Server Plugin. Liferay's EE Virtual LDAP plugin turns Liferay portal into a virtual LDAP server that can be accessed by external LDAP explorer...
User Cannot Log In to Sync Client When SAML SSO and OAuth Are Enabled
legacy Troubleshooting
This article documents a known issue where users cannot log in to the Sync Client if both SAML and OAuth are enabled. As a result, authentication fails with a blank screen on Sync client. Repeated warning messages will print...
Implementing NTLM Seamless Login
legacy How To
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. After successfully configuring Liferay...
LDAP Frequently Asked Questions
legacy
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. As many Liferay subscribers use...
Receiving Mixed Mode Warning when ReCaptcha is enabled on site with HTTPS
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. The...
False Security Issue in FCKEditor and Liferay 6.x Reported as CVE-2018-10795
legacy
Recently, a security vulnerability was filed in Mitre under CVE-2018-10795 reporting an issue in FCKEditor and Liferay Portal 6.x versions. Resolution Liferay disputed this issue because file upload is an expected...
Quick Start Guide to SAML on Liferay Portal 6.1 EE GA2
legacy How To
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. SAML (Security Assertion Markup Language) is...
How Password Policies are Applied in Liferay
legacy
This article describes several cases in which a user can receive a password policy. Resolution Here are several use-cases outlining how password policies are applied in Liferay Portal. Case 1 When a user and all...
List of Cookies That Are Affected at Liferay Login
legacy How To
In compliance to the European Union Cookie Directive, please see the following articles in reference to cookies that Liferay has set upon at login. Resolution How HTTP Cookies are...
Setting Up OpenAM With Liferay Portal 6 on Tomcat
legacy How To
Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these...
Setting Up NTLM With Liferay
legacy How To
NTLM (NT Lan Manager) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. When Liferay Portal is successfully integrated with NTLM, Active Directory users...
Setting Up Liferay Portal with Active Directory Server
legacy How To
The details of this article may also be covered in Configuring Liferay's LDAP Settings to Import Users. This article provides a comprehensive walkthrough for integrating an Active Directory Server with Liferay...
Using Liferay Connector to OAuth 2.0 in Liferay DXP 7.1
legacy How To
What is OAuth? It is a utility that authorizes third party applications to interact with the Liferay platform. The OAuth example from our official documentation is worth repeating here; users can make Twitter or...
LSV-391: Security Advisory for Vulnerability With Pingback in Blogs
legacy How To
This advisory comes in response to the recent public announcement of a potential Server-Side Request Forgery (SSRF) vulnerability in Liferay Portal 7.0.4. The report talks about a perceived vulnerability for the...
Making Liferay CAPTCHA Easier to Read in Liferay Portal 6.1
legacy How To
This article is intended for legacy versions of Liferay Portal CAPTCHA is an industry standard security measure that requires users to enter what they see a small window as part of the validation process when creating an...
Disabling the Authentication System and Delegating It to an LDAP Server
legacy How To
By default, the Liferay platform always uses its own authentication system that checks and validates the user password in its own database. Even if you enable LDAP settings and set it...
Spring Framework Security Vulnerabilities: CVE-2018-1270, CVE-2018-1271, CVE-2018-1272
legacy
QUESTION: How are Liferay Digital Enterprise 7.0 and Liferay Portal affected by the Spring Framework Vulnerabilities: CVE-2018-1270, CVE-2018-1271, and CVE-2018-1272? Resolution Impact to Liferay CVE-2018-1270: Liferay...
Defining Encryption Algorithms for Passwords Stored in the Database
legacy How To
By default, Liferay encrypts the passwords that go into the database. The default algorithm is SHA-1 in 6.0 and 6.1 versions, which changed to PBKDF2WithHmacSHA1/160/128000 in version...
Elasticsearch and Liferay Enterprise Search Security Advisory: CVE-2018-3831
legacy
CVE-2018-3831 reports that, "Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings...
Apache Struts 2 Vulnerability: CVE-2017-9805 and CVE-2017-12611 - REST XStream FreeMarker
legacy
The following Common Vulnerabilities and Exposures (CVE) have been reported for Apache Struts 2: CVE-2017-9805 CVE-2017-12611 CVE-2018-1327 - REST XStream FreeMarker CVE-2018-11776 How are Liferay DXP (both 7.0 and...
JSESSIONID Changes as Part of Liferay Security
legacy
This article documents Liferay's position regarding the Session Identifier (JSESSIONID), including how and why a new JSESSIONID is generated.  Resolution Customers doing their own security scan of the Liferay platform...
Excluding User Groups Not Part of the BaseDN In LDAP Import
legacy How To
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. In older versions of Liferay Portal...
Open LDAP setup guide
legacy How To
Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these principles...
Java NPEs in the Console When Refreshing the CAPTCHA Image
legacy Troubleshooting
This article documents a known issue where refreshing the CAPTCHA image causes a Java NullPointerException (NPE) to be triggered. Please note that the CAPTCHA image will still be refreshed. Steps to Reproduce Start the...
Configuring Theme-Embedded Portlets After Deploying Security-Hotfix-11-6012
legacy How To
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable....
WeDeploy Auth Admin Portlet in Liferay DXP 7.0 Fix Packs
legacy Troubleshooting
When deploying Liferay DXP 7.0 Fix Pack 24, 25, 26 or 27, the WeDeploy Auth Admin portlet will appear in the Control Panel. WeDeploy is currently a beta product. The addition of this portlet will have no impact or...
Avoiding Authentication Errors With IE8 and IE9
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When a session of Liferay times-out, an...
SAML Comprehensive Quick Start Guide for Liferay Portal
legacy How To
This is a comprehensive article that documents the steps for how to set up SAML on Liferay Portal 6.2 EE. In addition, this article covers the different ways that SAML can be implemented and utilized. SAML (Security...