Affects Version/s: 6.2.10 EE GA1, 7.0.0 DXP SP2, 7.0.0 DXP FP89, 7.0.X, 7.1.10 DXP FP16, 7.1.X, 7.2.10 DXP FP4, 7.2.X, 7.3.0 CE GA1, 7.3.X, Master
Fix Version/s: None
Component/s: Application Security
One of our customers reported that the following property's description needs to be changed:
The customer pointed out, that according to the property's description, setting it to "false" should allow cross domain logins.
We might need to consider rewriting the property description to make it clear what exactly is needed for cross domain logins.
During my tests I have found that cross domain login is only possible when making changes on the application server. The TS Team confirmed this finding, see: LPP-22780.
1. Download up a Liferay 6.2 EE SP14 Liferay bundle
2. In your portal-ext.properties file, make sure that this property is not set to "true":
3. In your hosts file, set up the following entries:
4. Start your Liferay server and log on as administrator
5. Click on Site Administration - Site Settings - Site URL and set the virtual host as test.com
6. Create a new site and set up it's virtual host as sub.test.com
7. Log out, clear the cookies and log in to this site: http://test.com:8080/
8. Once logged in, try to log in to: http://sub.test.com:8080/
It should be possible to log on without re-typing the password
The password is required to log in