Search Results

All Results 435
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
OAuth2 Token sometimes gets 401 response
legacy Troubleshooting
Issue Sometimes users are unable to log in because their OAuth2 tokens receive a 401 "Unauthorized" response. This seems to happen randomly, and the tokens should be valid. Environment Liferay DXP Resolution...
Web Content Templates cache Absolute image URLs, not Relative URLs
legacy Troubleshooting
Issue The templates cache absolute image URLs instead of relative URLs. Environment 2024.Q1.12, 2024.Q1.18 Resolution Upgrade to 2024.Q2.0+ or Request a hotfix with LPD-23196, knowledgeArticleType: troubleshooting,...
Does Liferay have an Attestation of Compliance to be PCI certified?
legacy
Issue We are in the process of reviewing application compliance and want to know if Liferay has an attestation of compliance (related to PCI), specifically the Payment Card Industry Data Security Standard? Environment...
Despite the fix "Relay state exceeds 80 bytes" error and redirections to IDP
legacy Troubleshooting
Issue Despite the fix "Relay state exceeds 80 bytes" error and redirections to IDP We found this article and had a hotfix with LPS-76246 We found that the fix is not applied correctly. Environment Liferay DXP 7.3...
StaleStateException Error During Startup with OpenID Connect Configuration
legacy Troubleshooting
Issue During a Liferay DXP startup, the following error message appears in the logs, related to OpenID Connect provider configuration: ERROR [...][BatchingBatch:139] HHH000315: Exception executing batch...
Logging to application always taking to home page instead of request url
legacy Troubleshooting
Issue We are encountering an issue where users are consistently redirected to the application's homepage immediately following SAML authentication, even when an alternative page was initially requested. Environment...
Is it Possible to Require an Administrator to Enter Their Password When Changing a User's Password?
legacy
Issue When I want to updates a user's password as an administrator, the system does not require to re-enter my own password for authentication. This is inconsistent with other actions, such as updating a screen...
Password Reset Link Immediately Shows as 'No Longer Valid'
legacy Troubleshooting
Issue When a user requests a password reset, the link in the notification email leads to an error page stating, "Your password reset link is no longer valid." This occurs even if the link is clicked immediately...
Time-Based Authenticator QR Code Not Populating
legacy Troubleshooting
Issue When trying to set up the QR Code for MFA settings, following this documentation Multi-Factor Authentication Checkers, we've found that the QR code doesn't populate. It should be populating under "Shared...
B2C SSO Configuration with OpenID Connect Not Working
legacy Troubleshooting
Issue Setting up Business-to-Consumer (B2C) single sign-on (SSO) configuration with Liferay using OpenID Connect (OIDC) in Azure AD B2C is not working as expected. After enabling OpenID under Instance Settings in...
Is Liferay affected by CVE-2024-6783?
legacy
Issue After performing a security scan, a Vue.js vulnerability reported as CVE-2024-6783 is identified. Environment Liferay DXP 7.4 - Quarterly Releases Resolution Liferay is not impacted by CVE-2024-6783 as Liferay DXP...
Liferay Marketplace App Manager Web XSS Vulnerability (CVE-2025-4388)
legacy Troubleshooting
Issue A reflected cross-site scripting (XSS) vulnerability (CVE-2025-4388) in /o/marketplace-app-manager-web/icon.jsp allows a remote non-authenticated attacker to inject JavaScript into the...
Authenticated users with no permission to access Control Panel can navigate to /control_panel/manage with the message: Please select a tool from the left menu.
legacy
Issue I have an issue with authenticated users who do not have privilege to access the Control Panel. A user with no specific role (Only User role), when navigating to /control_panel/manage gets redirected to a page...
Cross-Site Scripting: Reflected
legacy
Issue A Cross-Site Scripting (XSS) vulnerability was detected in the web application. Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information, that is not...
Callback URL of OAuth2 application created via client extension resets after server restart
legacy
Issue After restarting the server, the callback URL for OAuth2 applications created via client extensions, gets reset to the default @protocol@://localhost@port-with-colon@/o/oauth2/redirect, instead of the...
Property "redirect.url.security.mode" has invalid value: domain,domain
legacy Troubleshooting
Issue After setting the property redirect.url.security.mode=domain we are now seeing WARN messages such as Property "redirect.url.security.mode" has invalid value: domain,domain Environment Liferay DXP Resolution Please...
Security scan detected a "Reference to Windows file path is present in HTML"
legacy Troubleshooting
Issue Our security scan detected a "Reference to Windows file path is present in HTML" in the following URL:...
ユーザー
Official Documentation
Users Every person who accesses a Liferay site is considered a user. Unauthenticated users are considered Guest users. Liferay ships out-of-the-box with a default admin user who has complete...
Liferay 7.3以前のバージョンのユーザープロフィール写真の更新
Official Documentation
Updating User Profile Pictures for Liferay 7.3 and Earlier Versions Users have profile pictures. Administrative Users can upload images in the Edit User form, and Users can update their own account...
Commerce 2.1 以前のバージョンでのアカウントへの住所の追加
Official Documentation
Adding Addresses to an Account for Commerce 2.1 and Earlier Versions This article documents how to update an account's billing and shipping addresses using either the Control Panel. Navigate to...
標準権限
Official Documentation
Standard Permissions Liferay defines several standard permissions across various applications and resources, such as view, edit, update, and more. Managing permissions Permissions are best managed...
ユーザーの追加と管理
Official Documentation
Adding and Managing Users Core user management activities include adding, editing, and deleting users. These activities are typically restricted to Administrative users. Adding Users Open the...
アカウントユーザー
Official Documentation
Account Users For Liferay 7.4 U55+/GA55+ Once you've created an account, you can associate existing users with it manually. Alternatively, you can create and associate users with an account...
Using Shibboleth 3 as IdP + SAML Integration
legacy How To
Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these...
Configuring Cookies' httpOnly Status
legacy How To
Description By default, the Liferay platform sets all of its cookies to httpOnly true in its portal.properties file (Liferay 6.2 and earlier) or in its system.properties (starting with Liferay 7.0) files. # #...
FAQ for LDAP on Liferay DXP
legacy
This document has been updated and ported to Liferay Learn and is no longer maintained here. This article documents some of the most frequently asked questions regarding the use of Lightweight Directory Access Protocol...
Configuring reCAPTCHA v2 in Liferay Portal 6.2 EE
legacy How To
This article outlines how to configure reCAPTCHA version 2 in Liferay Portal 6.2.  Google is sunsetting reCAPTCHA v1 and as of March 2018 all v1 API calls will no longer work. In response to this "End of Life"...
Users Fail to Import When First Name is Missing in LDAP
legacy
 This article discusses an apparent issue when Liferay Portal will throw a ContactFirstNameException error in the console. This error message appears when the first name is left out if importing a user from an LDAP...
Possible LDAP NullPointerExceptions
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When...
NTLM Browser Support
legacy
Affected Versions Liferay DXP 7.1 Liferay DXP 7.0 Liferay Portal 6.2 EE Liferay Portal 6.1 EE Integrating NTLM with Liferay products should only be done with Internet Explorer for...
Customer and Deployment Impact of Disabling TLS 1.0 for Inbound Traffic on Liferay Services
legacy
Due to vulnerabilities in the Transport Layer Security v1.0, Liferay has disabled TLS 1.0 for inbound secure connections on all systems and services on January 11, 2019. We previously announced in November 2018 that...
Authentication Error When Logging In With Google Account
legacy Troubleshooting
This article documents an authentication error when attempting to log in to the portal instance using a google account. Listed below are the steps to resolve the issue or avoid it altogether. Resolution Error:...
AntiSamy Portlet Removes HTML Target Attributes
legacy How To
The AntiSamy portlet is meant to prevent XSS type attacks. One side effect however is that if an HTML target is used, then the portlet will remove it upon publishing the content. Steps to Reproduce Create Web...
Possible Mismatch Between the Real LDAP Import Time and Import Interval Set on Instance Settings after LPS-98420
legacy Troubleshooting
Issue After LPS-98420, there might be a mismatch between the real LDAP Import trigger time and Import Interval set on instance settings. For example: Set “System Settings -> LDAP -> Import Interval” to 2. Set “Instance...
LDAP users are unable to log in(Caused by: java.net.SocketException: Connection reset)
legacy Troubleshooting
Issue If the LDAP is configured and when the LDAP users are trying to log in, authentication fails and started getting the following error in the server console. ERROR...
Unable to handle SAML Request
legacy Troubleshooting
Issue After enabling the SAML, when the user is trying to log in, authentication failed with the following message in UI and in Server console. UI: "Unable to handle SAML Request" Server Console:  ERROR...
Authentication through LDAP when SAML is enabled
legacy Troubleshooting
Issue Liferay has to authenticate the user through SAML as well as LDAP when SAML is enabled Environment Liferay Portal 6.2 Liferay DXP 7.0 Liferay DXP 7.1 Resolution Authenticating users from LDAP when the...
How to reproduce https:// problems on localhost
legacy How To
Issue If we are using https protocol the related use cases are hard to proof on localhost Environment Liferay DXP 7.0 Liferay DXP 7.1 Use Firefox (Firefox is recommended, as Chrome does not allow self-signed...
Security Advisory for CVE-2019-2729 for Oracle WebLogic
legacy Troubleshooting
Issue Oracle has issued a security alert for Oracle WebLogic wherein a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services has been detected. The following resource and information are...
Resolving errors when using Liferay JSON Web Service to do the searching
legacy Troubleshooting
Issue When invoking Liferay JSON Web Service to do the searching, you may encounter errors like the following: com.liferay.portal.kernel.dao.orm.ORMException: org.hibernate.exception.SQLGrammarException: could not execute...
[LES] Issues reinstalling Liferay Connector to X-Pack Security
legacy How To
Issue I'm having issues reinstalling X-Pack Security How do I reinstall X-Pack Security? Environment DXP 7.2    DXP 7.1    DXP 7.0 + Fix Pack 54 onwards (de-54) Resolution To Install Add Liferay Connector to X-Pack...
Preventing host header attack vulnerabilities
legacy How To
Issue Adjusting the Host header in the request can impact page rendering, redirections, and other server-side behaviors. This manipulation could potentially lead to Cross-Site Scripting (XSS) for example. Environment...
[LES] How to reinstall Liferay Connector to X-Pack Security
legacy How To
Issue How can I reinstall x-pack security? Environment DXP 7.2    DXP 7.1    DXP 7.0 + Fix Pack 54 onward (de-54) Resolution When we uninstall X-Pack security, an entry is added to Bundle Blacklist at this...
The Password Reset Screen is no longer showing the "Please set a new password" description
legacy
Issue After upgrading from 6.x to 7.x, the Password Reset Screen is no longer showing the "Please set a new password" description text. Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Resolution The "Please set...
LDAP users are able to login with Default User Password
legacy
Issue Users from LDAP are able to login with the value which is defined in "Default User Password" field under the LDAP import/export settings. Environment Liferay DXP 7.0 Resolution Liferay will allow the...
CSRF (p_auth) token is not included in portlet ResourceURLs
legacy
Issue p_auth token is not included in the resourceURL. Environment Liferay DXP Liferay 6.2 EE Resolution ResourceURLs (resource serving phase) was introduced in Portlet 2.0 to be able to serve resources (images, etc...)...
Antisamy - Document description field not sanitized
legacy
Issue While the title of a document cannot contain a tag or script in the description section tags and scripts can be published. Environment Liferay DXP 7.0 Resolution The AntiSamy module filters on specific...
How to configure the "check-auth-token" parameter within an OSGi portlet?
legacy How To
Issue The current Liferay DXP portal properties file contains the following for the "check-auth-token" parameter: # # Set this to true to enable authentication token security checks. The # checks can be disabled...
Is request-based p_auth token supported to prevent CSRF attack?
legacy
Issue To prevent CSRF attacks, Liferay provides options to enable authentication token security checks. The current token is session-based token. Is request-based p_auth token supported? Environment Liferay DXP 7.1...
How to upload authentication XML file from Bing ownership verification
legacy How To
Issue One of the methods to complete the verification process required to add a website to a Bing Webmaster Tools account is uploading a XML file to the root directory of the website and make it available on...
LDAP Performance Issues after upgrading from 6.2 to 7.2
legacy Troubleshooting
Issue Seeing some slowness authenticating with LDAP after upgrading from 6.2 to 7.2. Environment DXP 7.2 [Upgraded from 6.2] Resolution Install Fix Pack 9 or a hotfix that includes LPS-122832 and run the upgrade process...
How to prevent user enumeration attacks through the Forgot Password functionality
legacy How To
Issue Insecure default configuration may allow remote attackers to enumerate users' email addresses via the forgot password functionality. This can be a risk in the case of public-facing deployments. Environment...
Couldn't retrieve remote JWK set: Server returned HTTP response code: 401 error occurs when using OpenID Connect authentication with Oracle Identity Cloud Service
legacy Troubleshooting
Environment Liferay DXP 7.0-7.3 Oracle Identity Cloud Service OpenID Connect authentication enabled Symptom When OpenID Connect authentication is enabled in Liferay DXP and Oracle Identity Cloud Service (IDCS) is the...
Session Timeout value is overridden during fix pack upgrade
legacy How To
Issue During installation of a fix pack, the value of <session-timeout> is reset to default within web.xml. Is the value of session timeout can be changed 'permanently'? Environment DXP 7.2 Resolution Currently,...
SAML changes post upgrade from DXP 7.0 to higher version
legacy How To
Issue SAML authentication is being used in DXP 7.0. After upgrading the DXP 7.0 to any higher version, how to configure SAML in the upgraded environment? Environment Liferay DXP 7.1 Liferay DXP 7.2...
Add custom certificate in SAML configuration
legacy How To
Issue As part of the SAML configuration, it is possible to generate a Certificate and a Private Key. This generates both a self-signed key and a container storekey (in $LIFERAY_HOME/data/keystore.jks by default)....
How to resolve a "Failed to define class from Service Module Loader" error
legacy Troubleshooting
Issue Upon installation of security-hotfix-lsv-45 in Liferay Portal bundled with JBoss, a "Failed to define class" error is generated in the Liferay logs. Failed to define class...
SAML no longer working after upgrading Liferay
legacy Troubleshooting
Issue After upgrading Liferay from Liferay DXP 7.0 to Liferay DXP 7.2, SAML is no longer working and users are no longer able to authenticate using SAML. It is possible that the following error will also appear in the...
Importing Contact and Custom Field Mappings From LDAP
legacy How To
In some environments it may be desirable to import a user's contact information from an LDAP server. This article explains how to import custom mappings as well as contact mappings from a Microsoft Active Directory...
Errors Exporting Password to LDAP
legacy Troubleshooting
The fix on LPS-55208 modifies LDAPUserExporterImpl (PortalLDAPExporterImpl in Portal 6.2 EE) in a way that the user is only exported to LDAP when the user's modifiedDate field changed....