Hi,

I have created public jira IDENTITY-5166 <https://wso2.org/jira/browse/IDENTITY-5166> to track this implementation.

Thanks!
-Ayesha

On Mon, Sep 26, 2016 at 5:14 PM, Ayesha Dissanayaka <aye...@wso2.com> wrote:

> Hi,
>
> I have started working on [1], which forces password reset for a user
> after an administrative password recovery action.
>
> Based on the off-line discussion with Darshana, this flow can be as
> follows.
>
> 1. User, '*Bob*' forgets password and requests an administrative person
>    for a password reset action
> 2. Admin person resets the password and provides a new password to *Bob*
>    off-line
> 3. This can be performed using management console
> 4. When *Bob* tries to log in with the newly provided password, login page
>    should prompt password reset UI to *Bob*
> 5. And without changing the password Bob cannot log in to the system
> 6. There should be a way to distinguish *user password reset* vs. *admin
>    password reset*.
>
> But additionally, there can be enhancements to this flow by sending an OTP
> in an email to the user, 'Bob' and enforcing password reset by directing to
> a provided link.
>
> What are your thoughts on this?
>
> [1] https://redmine.wso2.com/issues/5417
>
> Thanks!
> -Ayesha
>
> --
> *Ayesha Dissanayaka*
> Software Engineer,
> WSO2, Inc : http://wso2.com
> 20, Palmgrove Avenue, Colombo 3
> E-Mail: aye...@wso2.com <ayshsa...@gmail.com>

--
*Ayesha Dissanayaka*
Software Engineer,
WSO2, Inc : http://wso2.com
20, Palmgrove Avenue, Colombo 3
E-Mail: aye...@wso2.com <ayshsa...@gmail.com>
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
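The flow proposed in steps 1 to 6 of the quoted message, modelled as an added example; it is not part of the thread and is not WSO2 Identity Server code. The names `UserStore`, `admin_reset`, `reset_origin` and `LoginResult` are hypothetical, and rejecting a "change" to the same password is an assumption about how step 5 would be enforced.

```python
import hashlib, hmac, os
from enum import Enum

class LoginResult(Enum):
    OK = "ok"
    DENIED = "denied"
    RESET_REQUIRED = "reset_required"   # step 4: show the reset UI, issue no session

class Account:
    def __init__(self, password):
        self.reset_origin = None        # step 6: None, "user" or "admin"
        self.set_password(password)

    def set_password(self, password):
        self.salt = os.urandom(16)
        self.digest = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def matches(self, password):
        cand = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
        return hmac.compare_digest(cand, self.digest)

class UserStore:
    def __init__(self):
        self.accounts = {}

    def add_user(self, name, password):
        self.accounts[name] = Account(password)

    def admin_reset(self, name, temp_password):
        # Steps 2-3: the admin sets a temporary password and the origin is recorded.
        acct = self.accounts[name]
        acct.set_password(temp_password)
        acct.reset_origin = "admin"

    def login(self, name, password):
        acct = self.accounts.get(name)
        if acct is None or not acct.matches(password):
            return LoginResult.DENIED
        # Step 5: valid credentials still do not log the user in while the
        # last password change came from an administrator.
        if acct.reset_origin == "admin":
            return LoginResult.RESET_REQUIRED
        return LoginResult.OK

    def change_password(self, name, current, new):
        acct = self.accounts.get(name)
        # Assumption: re-submitting the temporary password is not a change.
        if acct is None or not acct.matches(current) or new == current:
            return False
        acct.set_password(new)
        acct.reset_origin = "user"      # clears the forced-reset state
        return True
```
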