Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-16953

Strangers can always create an account using SSO authentication (Google)

    Details

    • Business Value:
      3
    • CVSS Base Score:
      6.5
    • CVSS Vector String:
      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

      Description

      In Liferay DXP 7.1 and DXP 7.0, SSO authentication does not respect the setting, "Allow strangers to create accounts?" If SSO authentication is enabled, users who authenticate using Facebook, Google, OpenID, OpenID Connect or OpenSSO can create an account even if strangers are not allowed to create accounts.

      Note: Google SSO is not bundled with DXP 7.2.

        Attachments

          Activity

            People

            • Assignee:
              support-ee EE Support
              Reporter:
              tibor.lipusz Tibor Lipusz
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Packages

                Version Package
                7.0.X EE
                7.1.x EE