Hi Ishara,

Thank you for the input. Having had similar discussions with Darshana and Isura, I have started extending the askPassword implementation with an email verification flow in order to trigger a password reset by capturing the "update credential" event. Still, we need a mechanism to distinguish admin password reset vs. user password reset.
Thanks!
-Ayesha

On Wed, Sep 28, 2016 at 12:06 PM, Ishara Karunarathna <[email protected]> wrote:
> Hi Ayesha,
>
> On Tue, Sep 27, 2016 at 11:00 AM, Isura Karunaratne <[email protected]> wrote:
>
>> Hi Ayesha,
>>
>> We can extend the Ask Password feature we developed in IS 5.3.0 to support this feature. So, we can send a confirmation email rather than an OTP.
>>
> There can be different use cases.
> If we think about a call center scenario, then the customer will call the support center and ask to reset the password, and it will be communicated to the client at that time; then the user can log in, and on the 1st attempt he needs to reset the password.
> Then we can set an additional flag in a user attribute that indicates that this password was reset by an admin.
> And then this can be checked in the Password Policy Authenticator.
>
> A secured way to handle this is extending the Ask Password implementation and sending an email to reset the password, or sending an OTP to the customer and enforcing a reset on the 1st login.
> I think it is better to implement the 1st scenario and extend to these cases.
>
> Thanks,
> Ishara
>
>> Thanks
>> Isura
>>
>> *Isura Dilhara Karunaratne*
>> Senior Software Engineer | WSO2
>> Email: [email protected]
>> Mob : +94 772 254 810
>> Blog : http://isurad.blogspot.com/
>>
>> On Mon, Sep 26, 2016 at 10:03 PM, Ayesha Dissanayaka <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> I have created public jira IDENTITY-5166 <https://wso2.org/jira/browse/IDENTITY-5166> to track this implementation.
>>>
>>> Thanks!
>>> -Ayesha
>>>
>>> On Mon, Sep 26, 2016 at 5:14 PM, Ayesha Dissanayaka <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> I have started working on [1], which forces a password reset for a user after an administrative password recovery action.
>>>>
>>>> Based on the off-line discussion with Darshana, this flow can be as follows.
>>>>
>>>> 1. User '*Bob*' forgets his password and requests an administrative person for a password reset action
>>>> 2. Admin person resets the password and provides a new password to *Bob* off-line
>>>> 3. This can be performed using the management console
>>>> 4. When *Bob* tries to log in with the newly provided password, the login page should prompt a password reset UI to *Bob*
>>>> 5. And without changing the password, Bob cannot log in to the system
>>>> 6. There should be a way to distinguish *user password reset* vs. *admin password reset*.
>>>>
>>>> But additionally, there can be enhancements to this flow by sending an OTP in an email to the user, 'Bob', and enforcing a password reset by directing to a provided link.
>>>>
>>>> What are your thoughts on this?
>>>>
>>>> [1] https://redmine.wso2.com/issues/5417
>>>>
>>>> Thanks!
>>>> -Ayesha
>>>>
>>>> --
>>>> *Ayesha Dissanayaka*
>>>> Software Engineer,
>>>> WSO2, Inc : http://wso2.com
>>>> 20, Palmgrove Avenue, Colombo 3
>>>> E-Mail: [email protected]
>
> --
> Ishara Karunarathna
> Associate Technical Lead
> WSO2 Inc. - lean . enterprise . middleware | wso2.com
> email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
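An added illustration of the flow discussed in this thread (example code written for this page, not WSO2's implementation): an admin-initiated reset sets a marker attribute on the account so that the temporary password only gets the user as far as a forced password change, while a user-initiated reset sets no marker; the authenticator then tells the two kinds of reset apart by that marker. The claim URI and the in-memory user store are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Hypothetical claim URI used as the "reset by admin" marker (not a WSO2 claim).
ADMIN_RESET_CLAIM = "http://example.org/claims/adminForcedPasswordReset"

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class UserStore:
    """Constructed in-memory user store: username -> salt, hash, claims."""
    def __init__(self):
        self.users = {}
    def add_user(self, username, password):
        self.users[username] = {"claims": {}}
        self._set_password(username, password)
    def _set_password(self, username, password):
        salt = os.urandom(16)
        self.users[username].update(salt=salt, hash=_hash(password, salt))
    def admin_reset(self, username, temp_password):
        # Steps 2-3 of the thread: admin sets a temporary password and marks the account.
        self._set_password(username, temp_password)
        self.users[username]["claims"][ADMIN_RESET_CLAIM] = "true"
    def user_self_reset(self, username, new_password):
        # User-driven reset (e.g. after email confirmation): no marker is set.
        self._set_password(username, new_password)
        self.users[username]["claims"].pop(ADMIN_RESET_CLAIM, None)
    def verify(self, username, password):
        u = self.users.get(username)
        return u is not None and hmac.compare_digest(u["hash"], _hash(password, u["salt"]))

def authenticate(store, username, password):
    # Steps 4-5: valid credentials plus the marker yield RESET_REQUIRED, not a session.
    if not store.verify(username, password):
        return "FAILED"
    if store.users[username]["claims"].get(ADMIN_RESET_CLAIM) == "true":
        return "RESET_REQUIRED"
    return "AUTHENTICATED"

def complete_forced_reset(store, username, temp_password, new_password):
    # The marker is cleared only once the user proves the temporary password and picks a new one.
    if authenticate(store, username, temp_password) != "RESET_REQUIRED":
        return False
    if new_password == temp_password:
        return False  # keeping the admin-supplied password would defeat the control
    store.user_self_reset(username, new_password)
    return True
```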
