Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-16956

Strangers can always create an account using SSO authentication (Open SSO)

    Details

    • Business Value:
      3
    • CVSS Base Score:
      6.5
    • CVSS Vector String:
      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

      Description

      In Liferay DXP 7.1 and DXP 7.0, SSO authentication does not respect the setting, "Allow strangers to create accounts?" If SSO authentication is enabled, users who authenticate using Facebook, Google, OpenID, OpenID Connect or OpenSSO can create an account even if strangers are not allowed to create accounts.

        Attachments

          Activity

            People

            Assignee:
            support-ee EE Support
            Reporter:
            tibor.lipusz Tibor Lipusz
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                7.0.X EE
                7.1.x EE