Issue
If SAML is configured and enabled in Liferay and the Login portlet is removed from the page, a user can still reach the Sign In portlet and log into the portal without using the SAML login mechanism.
The complete URL looks like the one below:
https://www.testing.com/en/home?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=false&_58_struts_action=/login/login&pq0xc2y4=1
Environment
- Liferay Portal 6.2
- Liferay DXP 7.0
- Liferay DXP 7.1
Resolution
For Liferay 6.2
Option 1 (requires a restart): Liferay provides an OOTB property to enable and disable the Sign In portlet:
#
# Set a list of comma delimited portlet ids that will bypass the security
# check set in the property "portlet.add.default.resource.check.enabled".
#
portlet.add.default.resource.check.whitelist=3,56_INSTANCE_0000,58,82,86,103,113,145,164,166,170
In the above property, the value "58" is the portlet ID of the Sign In portlet. To disable it completely, remove the portlet ID "58" from the property. After removal, it should look like this:
portlet.add.default.resource.check.whitelist=3,56_INSTANCE_0000,82,86,103,113,145,164,166,170
Option 2: Remove the "View" permission for the Guest user.
- Add the Sign In portlet to the home page (if it is not already present there).
- Click on Options -> Configuration -> Permission, uncheck View for the Guest user, and save.
Option 3: Disable through the Portal.
- Navigate to Control Panel -> Apps -> App Manager -> Liferay Core.
- In Liferay Core, select Sign In Portlet from the drop-down and click Active; it will become inactive.
With these three options, the login can be disabled.
For Liferay DXP 7.0 and 7.1
In DXP, the Login portlet can be disabled by deactivating the Sign In portlet with the steps below:
- Navigate to Control Panel.
- Go to Configuration > Components > Portlets > Sign In > Edit and uncheck the "Active" checkbox.
Additional Information
There are two types of Sign In portlet: the Sign In portlet covered above, and the Fast Sign In portlet.
For Liferay Portal 6.2
In 6.2, we can access the Fast Sign In Portlet by the below URL
- In the portlet.add.default.resource.check.whitelist property shown above, portlet ID "164" belongs to the Fast Sign In portlet. Removing portlet ID "164" from the property blacklists the Fast Sign In portlet as well, so that a user cannot access any of the Sign In portlets.
- Disabling through the Portal:
  - Navigate to Control Panel -> Apps -> App Manager -> Liferay Core.
  - In Liferay Core, select Fast Sign In Portlet from the drop-down and click Active; it will become inactive.
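For the 6.2 property approach, the following added example (not Liferay's code and not part of the original article) audits a portal-ext.properties file for both login portlet IDs named on this page, "58" and "164", and produces the corrected property line. It assumes the override is written as key=value in portal-ext.properties and that the value quoted under Option 1 is in effect when the file sets nothing; the function names and the sample file are constructed.

```python
PROP = "portlet.add.default.resource.check.whitelist"
LOGIN_IDS = {"58": "Sign In", "164": "Fast Sign In"}
# Value shown on this page; assumed to be in effect when the file has no override.
PAGE_DEFAULT = "3,56_INSTANCE_0000,58,82,86,103,113,145,164,166,170"


def read_property(text, key):
    """Return the last value assigned to key, or None. Handles '#'/'!' comments
    and backslash line continuations as Java .properties files allow."""
    value, pending = None, ""
    for raw in text.splitlines() + [""]:  # trailing "" flushes a final continuation
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        name, sep, val = line.partition("=")
        if sep and name.strip() == key:
            value = val.strip()
    return value


def audit(text):
    """Return (exposed, hardened_line): exposed maps portlet id -> name for
    login portlets still whitelisted; hardened_line is the corrected property."""
    effective = read_property(text, PROP)
    if effective is None:
        effective = PAGE_DEFAULT
    ids = [i.strip() for i in effective.split(",") if i.strip()]
    exposed = {i: LOGIN_IDS[i] for i in ids if i in LOGIN_IDS}
    kept = [i for i in ids if i not in LOGIN_IDS]
    return exposed, f"{PROP}={','.join(kept)}"


# Constructed sample input: an override that dropped 58 but kept 164.
SAMPLE = """\
# portal-ext.properties (constructed sample)
portlet.add.default.resource.check.whitelist=3,56_INSTANCE_0000,\\
    82,86,103,113,145,164,166,170
"""

if __name__ == "__main__":
    exposed, fixed = audit(SAMPLE)
    for pid, name in exposed.items():
        print(f"portlet {pid} ({name}) is still whitelisted")
    print(fixed)
```

A file that contains only a commented-out copy of the property is reported as exposed for both IDs, because no override is in effect.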
For Liferay DXP 7.0 and 7.1
Deactivating the Fast Sign In portlet:
- Navigate to Control Panel.
- Go to Configuration > Components > Portlets > Fast Sign In > Edit and uncheck the "Active" checkbox.
- Avoid or allow that some applications can be dynamically displayed in a page