Search Results

Elasticsearch and Liferay Enterprise Search Security Advisory: CVE-2018-3831
CVE-2018-3831 reports that, "Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such...
Excluding User Groups Not Part of the BaseDN In LDAP Import
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. In older versions of Liferay Portal (e.g. 5.1.x, 5.2 EE SP3), by default, Liferay will import all user groups a...
Apache Struts 2 Vulnerability: CVE-2017-9805 and CVE-2017-12611 - REST XStream FreeMarker
The following Common Vulnerabilities and Exposures (CVE) have been reported for Apache Struts 2: CVE-2017-9805 CVE-2017-12611 CVE-2018-1327 - REST XStream FreeMarker CVE-2018-11776 How are Liferay DXP (both 7.0 and 7.1) and Liferay Portal affected by the Apache Struts 2 Vulnerability?...
JSESSIONID Changes as Part of Liferay Security
This article documents Liferay's position regarding the Session Identifier (JSESSIONID), including how and why a new JSESSIONID is generated.  Resolution Customers doing their own security scan of the Liferay platform might have noticed that a new JSESSIONID may have been generated....
Java NPEs in the Console When Refreshing the CAPTCHA Image
This article documents a known issue where refreshing the CAPTCHA image causes a Java NullPointerException (NPE) to be triggered. Please note that the CAPTCHA image will still be refreshed. Steps to Reproduce Start the Liferay Digital Enterprise 7.0 platform. Click the Sign In link at...
Open LDAP setup guide
Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these principles is the responsibility of the subscriber. This article contains a...
WeDeploy Auth Admin Portlet in Liferay DXP 7.0 Fix Packs
When deploying Liferay DXP 7.0 Fix Pack 24, 25, 26 or 27, the WeDeploy Auth Admin portlet will appear in the Control Panel. WeDeploy is currently a beta product. The addition of this portlet will have no impact or security risk.  Installing an affected fix pack will result in the...
Configuring Theme-Embedded Portlets After Deploying Security-Hotfix-11-6012
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. Security-hotfix-11-6012, which is available for Liferay Portal 6.0 EE SP2, is preventing embedded portlets from...
Avoiding Authentication Errors With IE8 and IE9
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When a session of Liferay times-out, an Invalid Authentication error is displayed. When the error is displayed, it...
Applying Security Update 2012-05-25 requires Tunnel-web
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When trying to apply Security Update 2012-05-25 the following error message occurs: "security-hotfix-5-6012 ::...
SAML Comprehensive Quick Start Guide for Liferay Portal
This is a comprehensive article that documents the steps for how to set up SAML on Liferay Portal 6.2 EE. In addition, this article covers the different ways that SAML can be implemented and utilized. SAML (Security Assertion Markup Language) is an XML-based open standard data format for...
Configuring Liferay DXP as SP and OKTA as IdP
This article documents the basic steps users need to execute in order to set up their instance of Liferay DXP as SP, and OKTA as IdP. Resolution OKTA Configuration Log in to OKTA and navigate to Admin > Add Application (Shortcuts in the right menu) > Create New App. Select SAML 2.0....
LDAP Import Rejects Users From Certain Domains
This article explains why users from specific domains are not imported through LDAP due to the email address validator in the Liferay platform, and provides a solution to resolve this if a specific domain is required for your business needs. For example, domains that use two hyphens (for...
Using Liferay Connector to OAuth EE
What is OAuth? It is a utility that authorizes third party applications to interact with the Liferay platform. The example from our official documentation is worth repeating here; users can make Twitter or Facebook available on Liferay Portal or DXP. To gain access to Facebook or...
Using the Data Migration Tool in Liferay Portal
This article describes the two uses of the data migration tool in the system administration section of Liferay Portal. The Data Migration Tool is fully supported for Liferay Portal 6.2 and below. It has been deprecated in DXP 7.0. Note: The tool migrates only Liferay data; that is, data...
Generating Liferay SAML Environment's metadata.xml
This article describes how to generate Liferay SAML metadata from a web browser. SAML metadata in an XML file is configuration data required to automatically negotiate agreements between system entities, comprising identifiers, binding support and endpoints, certificates, keys,...
Public Hostnames and IP Addresses
Very often a Liferay Portal or Liferay DXP instance resides inside a private network and—due to a company's security policy—while it can serve content to the public Internet, it cannot access the Internet by default. In such cases, cloud-based services—like Marketplace App Activation and...
Setting Up DXP 7.0 as SP and WSO2 as IdP
This article documents how to set up Liferay DXP 7.0 as SP and WSO2 as IdP. Resolution WSO2 configuration 1. Download wso2is-5.3.0.zip from the WSO2 site and extract the file to a dedicated directory. 2. Go to wso2is-5.3.0/bin and run command $sh wso2server.sh to start wso2 server if you...
Setting Up ClamAV With the Liferay Platform on Windows
This article documents how to set up Clam Antivirus with the Liferay platform on Windows for testing purposes. The goal is to scan documents for viruses when they are being uploaded. Resolution Download ClamWin for Windows. You can update to a more recent version after installation. For...
Exporting OpenSSO Configuration Settings for Use in Another DXP Environment
If you are migrating your OpenSSO configuration from one environment to another, you don't need to migrate the settings manually. Resolution Login to your Liferay DXP environment. Navigate to Control Panel > Configuration > System Settings Search for OpenSSO and open the OpenSSO entry....
Deploying and Managing SAML on Liferay DXP
This troubleshooting guide is meant to supplement the existing SAML documentation. The information in this guide explains in more detail to demonstrate the most common use cases.   Table of Contents Introduction Use Case #1: Salesforce Integration Use Case #2: Liferay as Both IdP and SP...
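After a user is assigned to a user group, the assignment is removed immediately before that user's SSO login
Issue After assigning a user to a user group and then logging in via SSO as that user, the user is removed from the user group. In the audit log, an UNASSIGN for the user is recorded immediately before the user's LOGIN (at the same timestamp in the audit log). Please advise on how to address this behavior. Environment DXP Quarterly Releases Resolution This behavior is fixed by LPD-40838. Please upgrade your DXP version or request a hotfix through Support.
I want to configure the session timeout per instance.
Issue I do not know the steps to configure the session timeout per instance. Environment 7.0+ Resolution At present, there is no feature for configuring the session timeout per instance. A feature request has been created. Additional Information Feature request LPD-25196; How to change the Liferay DXP session timeout in Liferay Cloud (LXC-SM)
Whether Aruba Networks products are in use
Issue A vulnerability in Aruba Networks products has been disclosed. We need to confirm whether those products are used in the LXC-SM environment. Environment Liferay PaaS Resolution LXC-SM, our cloud solution, does not use Aruba. Additional Information https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt
Is it possible to change the background of the screen showing the message "Redirecting to your identity provider..."?
Issue We want to remove the header and footer from the screen showing the message "Redirecting to your identity provider..." and make the whole screen white. Environment DXP 7.4 Resolution There is no way to change only that screen. It is likely that the theme of the SP-side site in the SAML configuration would need to be edited and changed. Additional Information Before the transition to the OKTA login screen, the message "Redirecting to your identity provider..." is displayed to the user
The one-time password can no longer be used.
Issue After a one-time password was issued, accessing Liferay through a different browser did not allow access with the one-time password. Environment DXP 7.4 Resolution The one-time password cannot be used when the browser session differs after it is issued, for example after clearing the browser cache or when using a different browser. Additional Information Can the expiration time of one-time passwords be configured?
Types of tokens available for the authentication search filter in LDAP integration
Situation/Use Case Changing the tokens used in the authentication search filter. Solution/Suggestion Only the following four tokens can be used in the filter: @company_id@ @email_address@ @screen_name@ @user_id@ Notes When binding to the screen name (@screen_name@), there are restrictions on the characters that can be used. Additional Information About LDAP screen names (Liferay DXP edition)
Importing users from LDAP
Situation/Use Case The default interval for importing users from LDAP is 10 minutes, and it needs to be changed. Solution/Suggestion The default value can be changed in Control Panel > Configuration > Instance Settings, on the "LDAP" tab of the "Authentication" panel. Imports from LDAP run under the following conditions: at the configured import interval (the default is 10 minutes); when the user in question logs in; at startup (if import on startup is enabled). For users that have already been imported, if attributes have changed on the LDAP side, the changes are applied to Liferay at the times listed above....
How to configure SAML in Liferay
SSO is a mechanism that spares users from authenticating with a password at each of multiple sites: sign-on to servers, applications and networks is performed in a single step, after which the user can connect to multiple applications and servers. SAML is one form of SSO. SAML 2.0 is an XML protocol in which a SAML authority (identity provider) and a SAML consumer (service provider) communicate using tokens that contain user information. Details 1) Creating the identity provider Purpose: configure and operate one Liferay instance as the IdP...
How to use "ldap.import.create.role.per.group" in DXP
How to use ldap.import.create.role.per.group in DXP Liferay 6.2 has the property ldap.import.create.role.per.group, which automatically creates a role with the same name when an LDAP group is imported. In DXP this can no longer be set in portal-ext.properties and must instead be configured from the GUI. There are the following two ways to configure it from the GUI. Solution Configuring per instance: go to "Control Panel > Configuration > Instance Settings"; click "LDAP" in the "Authentication" panel...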
SCIM Support for Microsoft Entra ID
Issue Is there complete out-of-the-box SCIM support for Microsoft Entra ID in Liferay DXP? Environment Versions before 2025.Q2.0. Resolution Full support for Microsoft Entra ID with Liferay's SCIM functionality was introduced in the 2025.Q2.0 release. Prior versions, including 2025.Q1,...
User ID's and Emails populating due to SSTI vulnerability
Issue We've found an undesirable behavior when using new widget templates on a page. When using the expandoColumnLocalService.CTPersistence.openNewSession(null) function, the direct SQL query execution within the template itself bypasses the standard access controls and exposes...
Is it Possible to Require an Administrator to Enter Their Password When Changing a User's Password?
Issue When I want to update a user's password as an administrator, the system does not require me to re-enter my own password for authentication. This is inconsistent with other actions, such as updating a screen name or email address, where password verification is required.  Is it...
Web Content Templates cache Absolute image URLs, not Relative URLs
Issue The templates cache absolute image URLs instead of relative URLs. Environment 2024.Q1.12, 2024.Q1.18 Resolution Upgrade to 2024.Q2.0+ or request a hotfix with LPD-23196.
Does Liferay have an Attestation of Compliance to be PCI certified?
Issue We are in the process of reviewing application compliance and want to know if Liferay has an attestation of compliance (related to PCI), specifically the Payment Card Industry Data Security Standard? Environment DXP 7.2 Resolution Liferay is not a payment card platform and...
Password Reset Link Immediately Shows as 'No Longer Valid'
Issue When a user requests a password reset, the link in the notification email leads to an error page stating, "Your password reset link is no longer valid." This occurs even if the link is clicked immediately after being received and the configured password reset link duration has not...
StaleStateException Error During Startup with OpenID Connect Configuration
Issue During a Liferay DXP startup, the following error message appears in the logs, related to OpenID Connect provider configuration: ERROR [...][BatchingBatch:139] HHH000315: Exception executing batch [org.hibernate.StaleStateException: Batch update returned unexpected row count from...
Workflow Task URL for Unauthorized User Returns 404 Instead of Login Page
Issue When an unauthorized user attempts to access a workflow task URL, they are shown a 404 error page instead of being redirected to the login page. This issue specifically occurs when the URL follows the /user/{screenName}/... pattern. Environment Liferay DXP 7.4 u84+ Resolution To...
OAuth2 Token sometimes gets 401 response
Issue Sometimes users are unable to log in because their OAuth2 tokens receive a 401 "Unauthorized" response. This seems to happen randomly, and the tokens should be valid. Environment Liferay DXP Resolution OAuth2 token authorization may fail if the token issue timestamp is slightly...
Despite the fix "Relay state exceeds 80 bytes" error and redirections to IDP
Issue Despite the fix, "Relay state exceeds 80 bytes" error and redirections to IDP. We found this article and had a hotfix with LPS-76246. We found that the fix is not applied correctly. Environment Liferay DXP 7.3 Resolution The fix is not applied correctly due to the old SAML connector...
Time-Based Authenticator QR Code Not Populating
Issue When trying to set up the QR Code for MFA settings, following this documentation Multi-Factor Authentication Checkers, we've found that the QR code doesn't populate. It should be populating under "Shared Secret", but our page is blank. Steps for reproduction: Control Panel > System...
How to use environment variables for passwords within OSGi config files
Issue For security reasons, we would like to store passwords using environment variables within OSGi .config files. For example, to store the Elasticsearch server's password. Environment 7.3+ Resolution In Liferay versions containing LPS-123057, it is possible to use environment...
Node.js Version for Client Extension Development and Handling Security Vulnerabilities
Issue When developing client extensions with React for Liferay DXP 2024.Q4 or newer, what is the recommended Node.js version? The official compatibility matrix suggests Node.js version 20.12.2, but this version may have known security vulnerabilities (e.g., CVE-2025-23166,...
Logging to application always taking to home page instead of request url
Issue We are encountering an issue where users are consistently redirected to the application's homepage immediately following SAML authentication, even when an alternative page was initially requested. Environment 7.4+ Resolution This is a known issue reported in LPD-39115 and was fixed...
B2C SSO Configuration with OpenID Connect Not Working
Issue Setting up Business-to-Consumer (B2C) single sign-on (SSO) configuration with Liferay using OpenID Connect (OIDC) in Azure AD B2C is not working as expected. After enabling OpenID under Instance Settings in the Control Panel, the system is not working and throws an "internal server...
Is Liferay affected by CVE-2024-6783?
Issue After performing a security scan, a Vue.js vulnerability reported as CVE-2024-6783 is identified. Environment Liferay DXP 7.4 - Quarterly Releases Resolution Liferay is not impacted by CVE-2024-6783 as Liferay DXP does not use the vue-template-compiler Additional Information...
Application Accept Special Characters in Input Fields
Issue The application accepts special characters in input fields. Ex: " ' ` * ; % _ = & | \ ? ~ < > ^ () [] {} $ \n\ Steps to Reproduce: 1. Start Liferay server. 2. Navigate to the user’s profile. 3. Click on Account Settings. 4. Edit the First Name field and enter:...
Liferay Marketplace App Manager Web XSS Vulnerability (CVE-2025-4388)
Issue A reflected cross-site scripting (XSS) vulnerability (CVE-2025-4388) in /o/marketplace-app-manager-web/icon.jsp allows a remote non-authenticated attacker to inject JavaScript into the modules/apps/marketplace/marketplace-app-manager-web module. Environment 2024.Q1.8 Resolution...
Step-by-Step SAML Integration with Liferay and Keycloak
Issue Is Keycloak supported with Liferay? If yes, how can SAML be configured with Liferay? Environment Liferay DXP [All versions] Resolution As per Liferay’s official compatibility matrix, Keycloak is not listed as a supported Identity Provider (IdP), as it has not been explicitly tested...
I received the following error in the log: Feature flag LPD-10588 is not available for company 0
Issue After upgrading to 2025.q1.6-lts, I received the following error in the log: Feature flag LPD-10588 is not available for company 0 Environment Liferay Quarterly Release 2025.q1.6-lts Resolution The case has been addressed and resolved by LPD-56013. Kindly request a hotfix. After...
Re-enabling Basic Authentication when Unable to Access the DXP Control Panel
Issue My Basic Authentication was disabled at the Instance Level, and now I am unable to access the DXP Portal because of it. How do I re-enable Basic Authentication without logging in?   Environment Quarterly Release 2025.Q1.6   Resolution There is a way to re-enable Basic...
Callback URL of OAuth2 application created via client extension resets after server restart
Issue After restarting the server, the callback URL for OAuth2 applications created via client extensions, gets reset to the default @protocol@://localhost@port-with-colon@/o/oauth2/redirect, instead of the configured URL. Environment Quarterly Releases Resolution Client extensions...
Cross-Site Scripting: Reflected
Issue A Cross-Site Scripting (XSS) vulnerability was detected in the web application. Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information, that is not properly validated, allowing an attacker to embed malicious scripts into the...
Authenticated users with no permission to access Control Panel can navigate to /control_panel/manage with the message: Please select a tool from the left menu.
Issue I have an issue with authenticated users who do not have privilege to access the Control Panel. A user with no specific role (Only User role), when navigating to /control_panel/manage gets redirected to a page with the message: Please select a tool from the left menu. Reproduction...
Changes to Site Templates are not propagated to pages
Issue Changes made to a site template are not propagated to the pages that use the template. We can see the next error in the server log: [LayoutSetPrototypeMergeBackgroundTaskExecutor:219] Merge fail count increased to 1 for layout set prototype 11111...
Organization's users exposed in UI when modifying groupID in Request Body
Issue An organization's member list can be seen by manipulating the role member assign(groupID) in a request. Here are the steps to reproduce: Setup browser proxy to 127.0.0.1:8180. For example with Chrome, navigate to Settings > System > Open your computer’s proxy settings Download,...
Is Liferay Affected by CVE-2025-29927?
Issue Is Liferay affected by vulnerability CVE-2025-29927?   Environment Liferay DXP Quarterly Releases   Resolution The vulnerability CVE-2025-29927 is related to Next.js, a technology not used by Liferay as a software. Thus, this vulnerability doesn't affect Liferay itself.
Property "redirect.url.security.mode" has invalid value: domain,domain
Issue After setting the property redirect.url.security.mode=domain we are now seeing WARN messages such as Property "redirect.url.security.mode" has invalid value: domain,domain Environment Liferay DXP Resolution Please check all of your environment's PROPERTIES files to ensure that...
Security scan detected a "Reference to Windows file path is present in HTML"
Issue Our security scan detected a "Reference to Windows file path is present in HTML" in the following URL: https://localhost:8080/o/js/resolved-module/frontend-js-node-shims$path-browserify@0.0.0/index.js?languageId=en_US Can you please solve this security issue? Environment DXP 7.2...
Audit portlet only available for Administrators
Issue After upgrading to U78+ you might encounter a behavior where the Audit portlet is only available for Administrators, whereas before U78 you could create a regular role with access to it. The reason behind this change is that the behavior where any regular Role could access the Audit...

Results: 541 - 600 of 628