SSO SP connection doesn't send unauthenticated users to /c/portal/login

Issue

  • Once we set up a SAML SP connection, the SAML adapter doesn't recognize unauthenticated users and redirect them to /c/portal/login.

Environment

  • DXP 7.4

Resolution

  • This is intended behavior when the “Prompt Enabled” flag is unchecked (it is unchecked by default).
    To change this behavior, enable “Prompt Enabled” on the SP site as follows:

    1. Go to SP site as the admin user
    2. Go to Configuration > Site Settings > Login
    3. Check the “Prompt Enabled” box.

    It’s very important to note the description of this feature:

    Set this to true to prompt a guest user to login when attempting to access a protected page resource in the portal. By setting this value to false, the portal will inform all users that a requested resource is not found if they have no entitlements to view the resource. The portal will not prompt for login even if the user is a guest user. This behavior complies with OWASP best practices.

    The last sentence is the important one: you can enable the prompt, but do so with caution, because it lets unauthenticated users discover private pages. If a requested private page exists, the guest is redirected to the login page; if it does not, the guest gets the not-found response. A malicious user can compare those two responses to determine which private page names exist.
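The following is an added illustration, not code from the original article or from Liferay: it models the two guest responses described above (a redirect to /c/portal/login versus a not-found response) and checks whether a guest could tell an existing private page from a nonexistent one. The sample HTTP response heads are constructed, and the `redirect` query parameter in the login URL is assumed rather than taken from the article.

```python
"""
Checks whether a portal's guest responses reveal that a private page exists.

Models the behaviour the article describes: with "Prompt Enabled" off a guest
gets "not found" for any page they cannot view, with it on an existing private
page redirects to /c/portal/login. Nothing here contacts a real server.
"""
LOGIN_PATH = "/c/portal/login"


def parse_head(raw: str) -> tuple[int, bool]:
    """Return (status code, redirected-to-login?) from a raw HTTP response head.

    Only the status and whether the Location points at the login page are kept,
    because a login redirect that echoes the requested path in a query string
    would otherwise always differ between two probes and mask the comparison.
    """
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    to_login = False
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            to_login = value.strip().startswith(LOGIN_PATH)
    return status, to_login


def leaks_page_existence(resp_existing: str, resp_missing: str) -> bool:
    """True if a guest can distinguish an existing private page from a nonexistent one."""
    return parse_head(resp_existing) != parse_head(resp_missing)


# Constructed sample response heads (not captured from a real portal).
PROMPT_DISABLED_EXISTING = "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n"
PROMPT_DISABLED_MISSING = "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n"
PROMPT_ENABLED_EXISTING = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /c/portal/login?redirect=%2Fgroup%2Fsp-site%2Fprivate-page\r\n"
)
PROMPT_ENABLED_MISSING = "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n"


def report() -> dict[str, bool]:
    """Leak verdict for each setting of the "Prompt Enabled" flag."""
    return {
        "prompt_disabled": leaks_page_existence(PROMPT_DISABLED_EXISTING, PROMPT_DISABLED_MISSING),
        "prompt_enabled": leaks_page_existence(PROMPT_ENABLED_EXISTING, PROMPT_ENABLED_MISSING),
    }


if __name__ == "__main__":
    for setting, leaks in report().items():
        print(f"{setting}: {'leaks page existence' if leaks else 'no difference visible to guests'}")
```

To verify a live portal instead of the constructed samples, feed `leaks_page_existence` the response heads of a guest request for a known private page and for a page name that does not exist.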

Additional Information
