Authentication Verifiers

Authentication Verifiers

LXC-SM or Self-hosted

Authentication Verifiers are internal instances of code that determine if the provided credentials—whether that’s a user name/password, a token, an HTTP header, or a parameter—match a user account. Liferay has built-in implementations for the most common situations, such as when remote clients use HTTP Basic authentication, send credentials in request parameters, use the JSESSIONID, or other shared secrets.

It’s important to note that authentication verifiers do not provide credentials; they only verify existing credentials that have already been provided, along with authenticated sessions.

Configuring Authentication Verifiers

Delectable Bonsai wants to lock down certain features they won’t be using. Since they have no plans for connecting their instance to LibreOffice/OpenOffice for file conversion, they’ve decided to turn off the Image Request Authentication Verifier.

  1. Go to Control PanelSystem SettingsSecurityAPI Authentication.

  2. The Image Request authentication verifier is the first in the list, so it’s selected already. Uncheck the Enabled check box.

  3. Click Save.

The Image Request authentication verifier is used only by LibreOffice.

You have now disabled the Image Request authentication verifier. For a list of what the other ones do, see the link below.

Next: Password Policies

Relevant Concepts

Using Authentication Verifiers