Release Notes

The previous OIDC authentication flow identified users based on their email address, which could led to mismatches if users changed their email or if different identity providers shared the same address. To ensure reliable user identification, the system now matches users using the OIDC sub (subject) claim, which is a permanent and unique identifier for each user.

Key Benefits:

 

  • Improved identity reliability: Using the OIDC sub claim ensures each user is consistently and uniquely identified, even if their email address changes over time.

  • Reduced authentication conflicts: Eliminates mismatches caused by shared or reused email addresses across different identity providers, improving security and user experience.

LPD-20879 - Secure OpenID Connect User Matching
Standard OpenID Connect Provider Connection
Generally Available (aka OOTB)

RFC 7591 enables OAuth 2.0 clients to register dynamically with the portal’s Authorization Server, removing the need for manual client setup. It defines how Liferay can securely accept client metadata, endpoints, and credentials on-the-fly. This allows Liferay apps, modules, or external services to integrate seamlessly and scale efficiently. By automating client onboarding, it strengthens Liferay’s identity and access management capabilities.

Key Benefits:

 

  • Eliminates manual configuration by allowing apps and external services to self-register securely with the Authorization Server.

  • Speeds up integrations and scaling by automating client onboarding while improving IAM consistency and security.

LPD-63416 - Add support for RFC 7591: Dynamic Client Registration
Using OAuth 2.0 - Technical Standards and Specifications
Beta

RFC 8414 provides the manual and error-prone process of configuring clients to talk to authorization servers by standardizing the way for the Authorization Server to publish its configuration automatically. The specific URLs (endpoints) and capabilities can be managed through the UI.

Key Benefits:

 

  • Eliminates the need to hardcode specific URLs, preventing configuration errors and allowing the server endpoints changes to be adapted instantly.

  • Provides a standard location for clients to find the server's public keys, enabling the server to rotate security keys automatically without breaking your application or requiring a software update.

LPD-63415 - Add support for RFC 8414: Authorization Server Metadata
Using OAuth 2.0 - Technical Standards and Specifications
Beta

As the CMS feature flag is removed, this functionality will be promoted from beta to release status.

LPD-44300 - Add Schedule capability for Object entries
Scheduling and Subscription
Beta Release Flag (opt-in)

Object entry pages can now use meaningful, human-readable URLs even when built with custom layouts. Instead of relying on automatically generated numeric identifiers, administrators can define addresses based on business data, such as an event name.

This improvement brings the same flexibility already available in other layout experiences to scenarios that require more advanced or tailored UIs. The result is clearer links, easier sharing, better discoverability, and a more consistent navigation pattern across the portal.

Key Benefits:

  • Consistency across layouts – Custom layouts now provide the same URL capabilities users already expect elsewhere.
LPD-65823 - Support Friendly URL on Custom Layouts for Object Entries
Generally Available (aka OOTB)
Product Capabilities
Feature Availability