Search Results

All Results 50
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Integrate Okta with Liferay DXP using OpenID Connect
How To
Introduction This recipe guides you through the steps to integrate Okta, your Identity Provider (IdP), with your Liferay environment using OpenID Connect. Prerequisites Okta Dev account Liferay DXP environment Administrative...
Security and Administration
Official Documentation
Security and Administration After installation comes configuration. There are three areas you should examine carefully before opening your system to users: Security Administration Settings ...
Audit Configuration Reference
Official Documentation
Audit Configuration Reference Configuration settings for audits are available at a system scope. You can find these settings by opening the Global Menu (Global Menu) and navigating to Control Panel...
Audit Framework
Official Documentation
Audit Framework Liferay's audit framework shows activities relating to users, user groups, organizations, roles, multi-factor authentication, and objects (definitions, fields, actions, layouts,...
Searching and Exporting Audit Events
Official Documentation
Searching and Exporting Audit Events The audit application comes with simple and advanced searching capabilities. To use the simple search, you can enter a search term and click the magnifying...
User Authentication
Official Documentation
User Authentication The User Authentication settings define how Users can authenticate, the various authentication methods that are required for them, and the screen names and email addresses that...
Securing Liferay
Official Documentation
Securing Liferay Liferay is built with security in mind. This includes mitigation of common security vulnerabilities and exploits like those described by the OWASP Top 10 and the CWE/SANS Top 25. ...
Securing Sign-In
Official Documentation
Securing Sign-In The Sign-In widget calls the various mechanisms (the portal database, an LDAP server, a SAML identity provider, or any of the ways users can authenticate) that authenticate users....
Configuring Authentication Types
Official Documentation
Configuring Authentication Types Users can be configured to log in using one of three authentication types: Authentication TypeDescriptionUsed by Default? Screen NameDetermined by administrator or...
Configuring Single Sign-On
Official Documentation
Configuring Single Sign-On Liferay Portal/DXP supports many ways of authenticating, from token-based solutions to standards such as OpenID Connect and SAML. With all the available options, you...
Configuring Sign-In
Official Documentation
Configuring Sign-In By default, Liferay DXP uses the Sign In widget to authenticate users. The Sign In widget appears on the default home page at http[s]://[server-name:port]/web/guest/home. If...
Authenticating with CAS (Central Authentication Service)
Official Documentation
Authenticating with CAS (Central Authentication Service) CAS was deprecated as of Liferay DXP 7.2 and removed as of Liferay DXP 7.4. Please use SAML instead. CAS is a widely used open source...
SAML Admin
Official Documentation
SAML Admin The SAML Admin panel is the best place to configure your SAML instance. Use it instead of Instance Settings to streamline your SAML administration experience. Starting from Liferay...
Configuring SAML at the Instance Level
Official Documentation
Configuring SAML at the Instance Level Each portal instance can be a SAML provider, either an Identity Provider (IdP) or a Service Provider (SP). Whichever role your DXP instance fills, you can...
Configuring SAML at the System Level
Official Documentation
Configuring SAML at the System Level Before allowing any portal instances to enable SAML authentication, you should configure it at the system level so those instances have a foundation from which...
Authenticating with Kerberos
Official Documentation
Authenticating with Kerberos You can use Kerberos to authenticate Microsoft Windows™ accounts with Liferay DXP. This is done by using a combination of Liferay DXP's LDAP support and a web server...
SAML Authentication Process Overview
Official Documentation
SAML Authentication Process Overview Both the IdP and the SP can initiate the Single Sign On process, and the SSO flow is different depending on each one. Regardless of how it's initiated, SSO is...
Configuring Liferay Authentication With Auth0 Using OpenId Connect
Official Documentation
Configuring Liferay Authentication With Auth0 Using OpenId Connect This tutorial guides you through integrating Auth0, your Identity Provider (IdP), with your Liferay environment using OpenID...
Multi-Factor Authentication Checkers
Official Documentation
Multi-Factor Authentication Checkers Liferay DXP 7.4 ships with two additional factor checkers for Multi-Factor Authentication. Both of them are disabled by default, because they're only useful in...
Configuring Liferay Authentication With Okta Using OpenId Connect
Official Documentation
Configuring Liferay Authentication With Okta Using OpenId Connect This tutorial guides you through the basic steps needed to integrate Okta, your Identity Provider (IdP), with your environment...
Configuring Liferay Authentication With PingOne Using SAML
Official Documentation
Configuring Liferay Authentication With PingOne Using SAML This tutorial guides you through the basic steps needed to integrate PingOne, your Identity Provider (IdP), with your Liferay environment...
Token-based Single Sign On Authentication
Official Documentation
Token-based Single Sign On Authentication Token-based SSO authentication was introduced in Liferay Portal 7.0 to standardize support for Shibboleth, SiteMinder, Oracle OAM, and any SSO product that...
Using OpenAM
Official Documentation
Using OpenAM Deprecated in Liferay DXP 2024.Q4/Portal GA129 OpenAM 13 is deprecated as of Liferay DXP 2024.Q4/Portal GA129. OpenAM 12 and below were deprecated as of Liferay DXP 7.2. Versions of...
Multi-Factor Authentication
Official Documentation
Multi-Factor Authentication Liferay DXP 7.3+ Multi-Factor Authentication (MFA) provides better security by requiring users to prove their identity in multiple ways, or factors. The basic user...
Fast IDentity Online 2
Official Documentation
Fast IDentity Online 2 Available: Liferay DXP/Portal 7.4+ The Fast IDentity Online 2 or FIDO2 standard allows for the use of biometrics (i.e., fingerprint readers), mobile devices, or other...
Using Multi-Factor Authentication
Official Documentation
Using Multi-Factor Authentication To enhance your installation's security, you should disable less secure, one-factor forms of authentication, such as Basic Auth, Digest Auth, and WebDAV. You can...
System for Cross-domain Identity Management (SCIM)
Official Documentation
System for Cross-domain Identity Management (SCIM) Liferay DXP 2024.Q1+ System for Cross-domain Identity Management or SCIM, is an open standard that automates user provisioning. In other words,...
AntiSamy
Official Documentation
AntiSamy Liferay DXP includes an AntiSamy module that protects against user-entered malicious code. If your site allows users to post content in message boards, blogs, or other applications, these...
Connecting to a User Directory
Official Documentation
Connecting to a User Directory LDAP (Lightweight Directory Access Protocol) is a common user store for Liferay DXP. You can import user information from an LDAP server into Liferay or export...
Connecting to an LDAP Directory
Official Documentation
Connecting to an LDAP Directory Lightweight Directory Access Protocol (LDAP) servers are common user stores for Liferay DXP. You can configure LDAP at the system scope in System Settings or at the...
LDAP Configuration Reference
Official Documentation
LDAP Configuration Reference To access LDAP configuration settings, open the Global Menu (Applications Menu icon) and navigate to Control Panel → Configuration → Instance Settings → Security →...
Creating an OAuth2 Application
Official Documentation
Creating an OAuth2 Application When you have an application that can use OAuth 2.0 for authorization, you must register that application so Liferay can recognize it. Open the Global Menu...
Authorizing Account Access with OAuth2
Official Documentation
Authorizing Account Access with OAuth2 Once you have an application registered, you can start authorizing users. To do that, you must construct the URL to the authorization server (Liferay DXP)....
JSON Web Token Assertions
Official Documentation
JSON Web Token Assertions An assertion helps in sharing identity and security information across different domains. There are two uses for assertions: Authorization grants Client authentication...
Using Private Key JWT (JSON Web Token)
Official Documentation
Using Private Key JWT (JSON Web Token) Liferay supports private key JWT as an authentication method for OAuth 2 clients. In this flow, the client itself creates the assertion. Liferay authenticates...
Using OAuth 2.0
Official Documentation
Using OAuth 2.0 OAuth 2.0 is an industry-standard authorization protocol. Users with accounts on a Liferay-based website can share select credentials with various clients seamlessly. OAuth 2.0...
JSON Web Tokens (JWTs)
Official Documentation
JSON Web Tokens (JWTs) JSON Web Tokens (JWTs) represent encoded data. They are compact, self-contained, and secure. There are two primary types of JSON Web Tokens: Encrypted JWT: ensures the...
Configuring the JWT Bearer Flow
Official Documentation
Configuring the JWT Bearer Flow To use JWT Bearer as a grant type in Liferay, you must create an OAuth 2 client with the Client Authentication Method set to Client Secret Basic or Post. The client...
Issuing JWT Access Tokens
Official Documentation
Issuing JWT Access Tokens Liferay DXP 7.4 U45+/GA45+ You can configure Liferay to issue access tokens in the JWT format from System Settings. Enabling JWT Tokens Open the Global Menu...
Using OAuth2 to Authorize Users
Official Documentation
Using OAuth2 to Authorize Users You can create applications that access Liferay's headless REST APIs using the OAuth 2.0 authorization protocol. The provided sample React app demonstrates three...
Client Secret JWT
Official Documentation
Client Secret JWT Liferay supports client secret JWT as an authentication method for OAuth 2 clients. In this flow, the client itself creates the assertion and signs it using the client secret....
OAuth 2 Scopes
Official Documentation
OAuth 2 Scopes In OAuth 2.0, applications are granted access to limited subsets of user data. These are called scopes (not to be confused with Liferay scopes). You can create them in two ways: ...
Captcha API Basics
Official Documentation
Captcha API Basics Liferay provides a headless API to retrieve and submit captchas using the SimpleCAPTCHA engine. Using the /captcha endpoint from the API Explorer, you can add captchas in your...
SCIM User API Basics
Official Documentation
SCIM User API Basics Liferay DXP 2024.Q1+/Portal GA112+ Liferay provides a headless API to perform CRUD operations on SCIM users to keep their identity information in sync with your company's...
SCIM Resource Type, Service Provider, and Schema Basics
Official Documentation
SCIM Resource Type, Service Provider, and Schema Basics Liferay DXP 2025.Q2+ Liferay provides a headless API to query the SCIM resource types, service providers, and schemas available. Use the...
SCIM Group API Basics
Official Documentation
SCIM Group API Basics Liferay DXP 2024.Q1+/Portal GA112+ Liferay provides a headless API to perform CRUD operations on SCIM groups to keep their information in sync with your company's...
Authenticating with SAML
Official Documentation
Authenticating with SAML The SAML (Security Assertion Markup Language) adapter provides Single Sign On (SSO) and Single Log Off (SLO) in your deployment. SAML works by using Identity Providers...
Using OpenID Connect
Official Documentation
Using OpenID Connect OpenID Connect is a lightweight authentication layer that enables users to authenticate using accounts they have on other systems. It's built on top of the OAuth 2.0...
Importing User Groups' Memberships from an External IdP through SAML
Official Documentation
Importing User Groups' Memberships from an External IdP through SAML This feature was released behind a dev feature flag. It was made Generally Available (GA) in Liferay DXP 2024.Q2/Portal GA120....
Configuring User Import and Export
Official Documentation
Configuring User Import and Export The import/export settings configure mappings between LDAP and Liferay to match users between the two systems. Finding Users in Your LDAP Directory...