Authentication Verifiers
Liferay PaaS or Self-hosted
Authentication Verifiers are internal instances of code that determine if the provided credentials—whether that’s a user name/password, a token, an HTTP header, or a parameter—match a user account. Liferay has built-in implementations for the most common situations, such as when remote clients use HTTP Basic authentication, send credentials in request parameters, use the JSESSIONID
, or other shared secrets.
It’s important to note that authentication verifiers do not provide credentials; they only verify existing credentials that have already been provided, along with authenticated sessions.
Configuring Authentication Verifiers
Clarity Vision Solutions wants to lock down certain features they won’t be using. Since they have no plans for connecting their instance to LibreOffice/OpenOffice for file conversion, they’ve decided to turn off the Image Request Authentication Verifier.
-
Go to Control Panel → System Settings → Security → API Authentication.
-
The Image Request authentication verifier is the first in the list, so it’s selected already. Uncheck the Enabled check box.
-
Click Save.
You have now disabled the Image Request authentication verifier. For a list of what the other ones do, see the link below.
Next: Password Policies