Liferay Portal Security

Liferay takes security very seriously. Liferay has established several procedures to make sure that Liferay Portal is as secure as possible. First of all, Liferay Portal is an open source product. As such, Liferay encourages security-minded community members to verify the product they’re using. All Liferay users benefit when even a few don’t blindly trust the provider! Please read Liferay security statement at for more information.

Next, Liferay forms a Community Security Team. This team addresses community security concerns, helps with security-related questions on the Liferay forums, and releases security patches for Liferay Portal versions. Members of the Liferay community security team attend Liferay conferences and engage in other individual activities.

If you have time, please visit our community Hall of Fame for security reporters: These community members helped us and invested their time to report security issues. With their help, we make Liferay Portal better for the community and customers.

Although we act on community reports, we understand that community reports alone are not enough. Liferay’s internal security team also works on improving security by conducting internal security reviews. They check Liferay’s source code for common vulnerabilities that can be accidentally introduced by developers. Additionally, all Liferay Portal security-related code is reviewed by Liferay’s application security team before it’s committed. For every major portal release, Liferay works with external security partners to perform security scans and penetration testing.

Because the security cycle never ends, the internal application security team gathers reports from Liferay customers and the Liferay community. The team also monitors other channels (Twitter, the full disclosure mailing list, the forums, etc.) to catch every security issue as soon as possible. Once an issue is fixed, Liferay’s Support, Release, and other teams work on backporting and releasing security patches for all supported versions.

Liferay Portal Security Overview

Liferay follows the OWASP Top 10 (2013) and CWE/SANS Top 25 lists to ensure that Liferay Portal is as secure as possible. Following these recommendations protects the portal against known kinds of...

Logging in to Liferay Portal

One of the primary functions of a web portal is to restrict access to different pages, content, and web applications. These kinds of portal resources should only be accessible by the appropriate...

Service Access Policies

Service access policies are a new feature in Liferay Portal CE 7.0. They are an additional layer of web service security defining services or service methods that can be invoked remotely. Many of...

Authentication Verifiers

Liferay Portal includes a centralized and extensible authentication layer called the authentication verification layer. This layer is mainly used for authenticating remote invocations of Liferay...


Liferay Portal fully supports LDAP as a user store. Use the LDAP tab in Instance Settings’ Authentication page to connect Liferay Portal to an LDAP directory. Users can be imported into Liferay...

Token-based Single Sign On Authentication

Token-based SSO authentication was introduced in Liferay Portal CE 7.0 to standardize support for Shibboleth, SiteMinder, and any other SSO product which works on the basis of propagating a token...

Authenticating with OpenID Connect

Note: OpenID Connect authentication is available in Liferay Portal on Fix Pack 79 or higher patch level. OpenID Connect is a lightweight authentication layer built on top of the OAuth 2.0...

OpenID Single Sign On Authentication

OpenID is a single sign-on standard implemented by multiple vendors. Users can register for an ID with the vendor they trust. The credential issued by that vendor can be used by all the web sites...

CAS (Central Authentication Service) Single Sign On Authentication

CAS is an authentication system originally created at Yale University. It is a widely used open source single sign-on solution and was the first SSO product to be supported by Liferay Portal....

OpenAM Single Sign On Authentication

OpenAM is an open source single sign-on solution that comes from the code base of Sun’s System Access Manager product. Liferay Portal integrates with OpenAM, allowing you to use OpenAM to integrate...

Facebook Connect Single Sign On Authentication

Facebook Connect SSO authentication is an integration with Facebook’s Graph API. It retrieves the user’s Facebook profile information and matches it to existing Liferay Portal users (either by...

NTLM Single Sign On Authentication

NTLM (NT LAN Manager) is a suite of Microsoft protocols that provide authentication, integrity, and confidentiality for users. Though Microsoft has adopted Kerberos in modern versions of Windows...


Liferay Portal includes an AntiSamy module that protects against malicious code that users might create. When creating content, users can include malicious code either intentionally or...
