Submit Feedback
Legacy Knowledge Base
Published Jun. 30, 2025

"http://localhost:8080/o/oauth2/authorize" URL redirect to the Login Page

Written By

Kartik Singh

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided"as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM).

Issue

  • When accessing the OAuth2 authorization URL (http://localhost:8080/o/oauth2/authorize) from the "view-source" page, the browser redirects to the login page.

Steps to check:

  1. Start the Liferay instance.
  2. Access the URL: http://localhost:8080/.
  3. Add "view-source" before the URL to access the source code: view-source:http://localhost:8080/.
  4. Search for the URL: http://localhost:8080/o/oauth2/authorize in the source code.
  5. Copy the http://localhost:8080/o/oauth2/authorize URL and paste it into the browser.
  6. Observe that the page redirects to the "Login" page.

Environment

  • Liferay DXP 2024.Q2.6
  • Liferay PaaS

Resolution

  • The OAuth 2 endpoint `/o/oauth2/authorize` is public and will redirect to the login page if accessed directly. The target URL is determined by the Login URL setting in the Authorize Screen configuration (Control Panel > Instance Settings > OAuth 2 > Authorize Screen).
  • To prevent redirection to the login page when accessing /o/oauth2/authorize directly, configure one of the following:
    1. Change the Login URL:
      1. Navigate to Control Panel > Instance Settings > OAuth 2 > Authorize Screen.
      2. Set the Login URL to /. This redirects to the home page instead of the login page.

    2. Blacklist Certain Modules (Only applicable if not using OAuth 2 for authentication):
      1. Blacklist the com.liferay.oauth2.provider.rest module. This makes accessing /o/oauth2/authorize return a 404 error.
        • Navigate to Control Panel > System Settings > Module Container > Bundle Blacklist.
        • Add com.liferay.oauth2.provider.rest to the Blacklist Bundle Symbolic Names field.
      2. Blacklist the com.liferay.oauth2.provider.service module. This prevents the URL from appearing in the source code.
        • Navigate to Control Panel > System Settings > Module Container > Bundle Blacklist.
        • Add com.liferay.oauth2.provider.service to the Blacklist Bundle Symbolic Names field.

    3. Disable the Login Portlet for SAML Authentication:

      • If exclusively using SAML for authentication, disable the login portlet.
        • Navigate to Control Panel > System Settings > SSO > SAML Provider Configuration.
        • Disable the Allow showing the login portlet option.

NOTE:

  • Before proceeding with any configurations, it is recommended to first implement them in the lower environment and ensure their effectiveness before applying them to the production environment. Configurations should be adjusted based on specific requirements, as the suitability depends on the individual scenario.

 

Additional Information

Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?