Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-33950

Required HTTPS SSL Authentication fails when accessing through unsecure port

    Details

      Description

      Description
      When enforcing https authentication for portal security on ports other than 80/443, the login will fail when attempting to login through an unsecure port. (default 8080)

      Steps to Reproduce
      1) Configure a SSL environment. For my testing I used Tomcat:
      http://www.liferay.com/group/customer/kbase/-/knowledge_base/article/14406628

      2) Place the property 'company.security.auth.requires.https=true' into portal-ext.properties

      3) Connect Liferay 6.0 SP1 to empty database. This should also set the portal at 'localhost' for its virtual host.

      4) Navigate to 'http://localhost:8080' - Log in fails.

      5) Navigating to 'https://localhost:8443' - After accepting certificate - Log in works.

      When attempting to enforce https authentication while accessing the unsecure port (8080), the login fails.

      When using ports 80/443, the authentication works correctly. The URL however is formatted differently in that 80/443 are not present.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                6 years, 24 weeks, 6 days ago

                Packages

                Version Package
                6.0.12 EE