In liferay 6.2 to Disable Reset New password page from user Login the
following properties were added in portal-ext.properties file.
To turn off password reset page
passwords.default.policy.change.required=false
but still the new user when he logs in for the first time in liferay can view reset password page and user can reset his password.
if anyone knows the solution how to disable password reset page in liferay 6.2 please share the solution. it would be great help.
thanks in advance
Some properties can be changed in portal-ext.properties after first installation, but some of them can't.
Furthermore, if you change some property at the control panel, you won't be able to manage it from properties file anymore, as it goes to the database.
When a property change has no effect, the first thing to look at is who manages it (file or database). You can see it in your control panel:
http://localhost:8080/group/control_panel/manage/-/server/properties/portal-properties
Search for your property and look at the origin icon. It can be a file or a database. If it's a database, you must go to the passwords policy administration to manage it.
You can set properties in portal-ext like users.form.update.main=details,organizations,sites,roles
Restart the server and the problem is solved.
Related
I have a app JSF2/Richfaces4 with login page and many internal pages
for the normal enterprise. I don't know why, but when the user click
to save the login/password in the browser, some internal pages (3
until today) sometimes are loaded with some field autocompleted using
the same value of the password. Then, the user must clear the local
password saving to solve the problem. What do I need to do to explain
for the browser that it haven't to fill automatically these fields.
Actually, the form and input tag have "autocomplete=off" attribute, which seems not be honored by all browsers (as usual).
Another way is that the user turns of the auto-completion in his browser, which you maybe cannot expect them to do.
Maybe theses link help you out.
https://gist.github.com/runspired/b9fdf1fa74fc9fb4554418dea35718fe
https://www.20spokes.com/blog/what-to-do-when-chrome-ignores-autocomplete-off-on-your-form
I dont want user to allow to login from the multiple pc, if user has already logged from one pc and tried to login from the another pc, the first session should be logged out,can anyone please help me?
You can use below portal property to achieve what you want.
#
# Set the following to true if users are allowed to have simultaneous logins
# from different sessions. This property is not used unless the property
# "live.users.enabled" is set to true.
#
auth.simultaneous.logins=false
Please note that you have to all set live.users.enabled property to true. Put these properties in your portal's portal-ext.properties file.
The first session will be logged-out when you login through different browser/machine.
Is there a way to remove the control panel in liferay completely through server-side settings? Because my users don't even want the admin to view the Admin button to access the control panel. Was thinking of removing the my account portlet in the liferay-portal.xml but it is still appearing for the adminstrator.
Simple do not show the docbar on the page. The doc bar can be disabled by removing the following code in portal_normal.vm
<#if is_signed_in>
<#liferay.dockbar />
</#if>
Simple "visual" hiding may not be enough because you'll still be able to access the Control Panel through the direct link (/group/control_panel).
So to disable it completely, take a closer look at the following method:
com.liferay.portal.events.ServicePreAction.isViewableGroup() {
....
if (group.isControlPanel()) { }
....
}
If they don't trust their administrator to make sensible use of the permissions that come with an administrator, why not just provide a user account with less permissions - e.g. not being able to access anything in controlpanel. Accessing to CP is a standard permission that you can grant or revoke to custom roles.
If you ever want to configure Liferay again, I'd advise to keep CP around.
There is an application that we are using it both on XPiNC and browsers.
Before you can access the application, you must log-in with your user.id from lotus notes. The problem is there are several login msgboxes ( where you must again log in with your username and passwords ) saying:
The server says /xsp/.ibmxspres/dojoroot-1.8.1/dojo.
or
The server says /xsp/.ibmxspres/.mini/dojo/.en-us.
or
The server says /xsp/.ibmxspres/.mini/css.
or
The server says /xsp/.ibmxspres/.extlib/icons.
and so on. Even when I just hit F5 when I'm logged on in application ( there is, also, a computed field which displays the username ) those type of messages are being displayed.
What should I do as a developer? Or there must be some settings at the server?
I have the following ACL rights:
ACL: User type: Person and Access: Manager.
Effective access: all the checkboxes are checked except Full Access Administrator
Thanks for your time!
Ok, this should be straight out of the box ;-)
What I find strange is that the ressources you seem to be asked for access to use are some of the "built in" ressources (Dojo, css, etc.) in XPages...???
So first thing is really to test that this has nothing to do with your application:
Create a new application
Set a proper ACL that will force you to log in (Default reader or higher, a person called "Anonymous" no access)
Create a simple XPage and open it from the browser
What happens?
If everything works, then you need to add some elements that use the ressources (css, Dojo, etc.). Then what happens?
I guess you will see the same problems... If so, you need to have a look at the way you have set up your server for web access. Are you using internet sites? Do you use basic or session based authentication?
What does the ACL of your application look like?
What you experience could be caused by "realms" i.e. the "path" to which you log in. A simple example:
If you are required to log in to access the ressource /path/db.nsf/view/doc1?openDocument then your realm will be "/path/db.nsf/view/" - if then you try to create a document using /path/db.nsf/newDoc.xsp then you could be asked for access to the realm "/path/db.nsf/".
I must admit that I haven't seen these issues for quite a while - but that may be due to the fact that I control access to the database as a whole - if users need access to something inside the database I implement it using "public access". But first, let us hear a little more about your findings before we chase it as a realm issue ;-)
EDIT:
Ok, so you are using basic authentication. There are lots of good reasons to use session based authentication instead. However, that does not explain your problem. What OS are you using? An OS with file access in the file structure? Could it be that the user running Domino does not have access to the ressources? Have any (file) restrictions to these directories been set up? You really should not be prompted to login for these ressources....
Did you try another "new" application?
/John
Switch to session based authentication. The multiple prompts point to BASIC where you can't logout unless you close the browser
I have a website that uses Windows Authentication to authenticate its users. Normally when a user accesses the site on an IE browser the username field is populated with the computers domain name and user name. This is usually incorrect and the user enters the correct username and their password and can access the site.
I have a user now on Windows 7 IE8(I beleive) and the username field in the credential prompt is being autopopulated with domain\userName except the username is incorrect and we cannot change it. The user is unable to log into the site because of this. Has anyone experienced this before? Does anyone know why the username field cannot be changed? Solutions I have tried:
Clearing cache and stored form data/passwords etc
Site is in users trusted sites. So I had the user change the settings to "Prompt for username and password" but the prompt still comes up with the username autopopulated and does not let her change it.
I have never run into this before. Our users do not have any issue logging in, its just this one corporate location that was just set up and is running Windows 7(Rest of the company is under Windows XP) If it matters this is a sharepoint 2010 web application
Any help on this would be greatly appreciated as I have an entire group of users with this problem. Im willing to bet this would not be an issue in a different browser but they need to be able to use IE for application compatibility reasons.
Thanks!
I was able to fix it by doing the following:
Go to Start, Control Panel, User Accounts, then click Manage Your Credentials, and look for the credentials to your site, if they are there Modify and “Remove from vault” ( I suppose you could Edit them to the correct credentials but I just removed it and it did not prompt her).
She had the wrong credentials stored there. Im not sure why clearing the cache and passwords from the internet options didnt work but this did.
I had this problem with a user where the domain stored with the credentials could not be changed. This is the only item online I could find even close to my problem. The user saw "user-pcdomain\localusername" auto entered in the form. He tried to correct it with "workdomain\workusername" but got a message saying "Please enter a user name and password". Eventually we realized that his system was sending "user-pcdomain\workdomain" as his username. I've never seen a login misfire like that.
In his case he did not have his credentials stored but needed to add credentials - "workdomain\workusername" - for all of the domains he needed to access.
The point is - to expand on the answer - that IE or Windows 7 or both will store credentials incorrectly on rare occasions and the solution is be creative about adding\editing\remove credentials with Manage Your Credentials