Issue
- When not logged in, and user attempts to navigate to private page's URL, instead of being prompted to log in, a 'Not Found' page is seen instead.
Environment
- DXP 7.4
Resolution
-
In DXP 7.3, when users are not logged in and they navigate to a private page's URL, they are prompted to login. This behavior is controlled by the portal property
auth.login.prompt.enabled
, which is set to true by default in DXP 7.3. -
If
auth.login.prompt.enabled
is set to false, the expected behavior is for all users that have no entitlements to view the resource to be informed that a requested resource is not found, with no prompts for login. -
However, the
auth.login.prompt.enabled
is no longer available in DXP 7.4, and is disabled by default to comply with OWASP best practices. (Change applied by LPS-141291) -
To re-enable the login prompt for privates pages in DXP 7.4, depending on the scope you'd like to set the behavior for (System, Instance, or Site), additional configuration in the Control Panel must be set.
-
For System Level scope, the following instructions can be used:
- Navigate to Control Panel > System Settings > Login
- Check the 'Prompt Enabled' checkbox.
- Click Save.
-
For System Level scope, the following instructions can be used:
Additional Information
Subscriber Exclusive Content
A Liferay Enterprise Subscription provides access to over 1,500 articles that include best practices, troubleshooting, and other valuable solutions. Sign in for full access.
Sign In