Hi Ayesha, The similar implementation is done in authentication flow It enforces password reset for user when last password change time is exceed number of days days with compared with current day.
[1] - https://github.com/wso2-extensions/identity-outbound-auth-passwordPolicy [2] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+Password+Policy+Authenticator Thanks, Kathees On Tue, Sep 27, 2016 at 11:00 AM, Isura Karunaratne <[email protected]> wrote: > Hi Ayesha, > > We can extend Ask Password feature we developed in IS 5.3.0 to support > this feature. So, we can send a confirmation email rather than an OTP. > > Thanks > Isura > > > *Isura Dilhara Karunaratne* > Senior Software Engineer | WSO2 > Email: [email protected] > Mob : +94 772 254 810 > Blog : http://isurad.blogspot.com/ > > > > > On Mon, Sep 26, 2016 at 10:03 PM, Ayesha Dissanayaka <[email protected]> > wrote: > >> Hi, >> >> I have created public jira IDENTITY-5166 >> <https://wso2.org/jira/browse/IDENTITY-5166> to track this >> implementation. >> >> Thanks! >> -Ayesha >> >> >> >> On Mon, Sep 26, 2016 at 5:14 PM, Ayesha Dissanayaka <[email protected]> >> wrote: >> >>> Hi, >>> >>> I have started working on [1], which forces password reset for a user >>> after a administrative password recovery action. >>> >>> Based on the off-line discussion with Darshana, this flow can be as >>> follows. >>> >>> 1. User, '*Bob*' forgets password and request administrative person >>> for a password reset action >>> 2. Admin person reset the password and provide a new password to >>> *Bob* off-line >>> 3. This can be performed using management console >>> 4. When *Bob* tries to log-in with newly provided password, login >>> page should prompt password reset UI to *Bob* >>> 5. And without changing the password Bob cannot login to the system >>> 6. There should be a way to distinguish *user password reset* vs. *admin >>> password reset*. >>> >>> But additionally, there can be enhancements to this flow by sending an >>> OTP in an email to the user, 'Bob' and enforcing password reset by >>> directing to a provided link. >>> >>> What are your thoughts on this? >>> >>> [1] https://redmine.wso2.com/issues/5417 >>> >>> Thanks! >>> -Ayesha >>> >>> -- >>> *Ayesha Dissanayaka* >>> Software Engineer, >>> WSO2, Inc : http://wso2.com >>> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> >>> 20, Palmgrove Avenue, Colombo 3 >>> E-Mail: [email protected] <[email protected]> >>> >> >> >> >> -- >> *Ayesha Dissanayaka* >> Software Engineer, >> WSO2, Inc : http://wso2.com >> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> >> 20, Palmgrove Avenue, Colombo 3 >> E-Mail: [email protected] <[email protected]> >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Kathees Software Engineer, email: [email protected] mobile: +94772596173
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
