Re: [Architecture] [architecture ] [IS-5.3.0] Admin forces password reset for user

2016-10-04 Thread Dimuthu Leelarathne
On Tue, Oct 4, 2016 at 2:49 PM, Ishara Karunarathna wrote: > Hi Dimuthu, > > On Tue, Oct 4, 2016 at 10:54 AM, Dimuthu Leelarathne > wrote: > >> Hi Johann, >> >> Lets take the read-only case. Our current or future (C5) architecture >> does not support claims

Re: [Architecture] [architecture ] [IS-5.3.0] Admin forces password reset for user

2016-10-04 Thread Ishara Karunarathna
Hi Dimuthu, On Tue, Oct 4, 2016 at 10:54 AM, Dimuthu Leelarathne wrote: > Hi Johann, > > Lets take the read-only case. Our current or future (C5) architecture does > not support claims coming from two user stores. And that is ok. But ... we > have this habbit of adding a

Re: [Architecture] [architecture ] [IS-5.3.0] Admin forces password reset for user

2016-10-04 Thread Johann Nallathamby
On Tue, Oct 4, 2016 at 11:25 AM, Manjula Rathnayake wrote: > Hi all, > > It is not clear to me how password reset operation is valid for > read-only user stores. is it a valid use case? > Yes. We must support it even for read only user stores. User stores are plugged in

Re: [Architecture] [architecture ] [IS-5.3.0] Admin forces password reset for user

2016-10-04 Thread Johann Nallathamby
On Tue, Oct 4, 2016 at 10:54 AM, Dimuthu Leelarathne wrote: > Hi Johann, > > Lets take the read-only case. Our current or future (C5) architecture does > not support claims coming from two user stores. > In C5 we have this. So yes it can go as a internal DB based user store

Re: [Architecture] [architecture ] [IS-5.3.0] Admin forces password reset for user

2016-10-04 Thread Dimuthu Leelarathne
On Tue, Oct 4, 2016 at 11:25 AM, Manjula Rathnayake wrote: > Hi all, > > It is not clear to me how password reset operation is valid for > read-only user stores. is it a valid use case? > > Just took an example. But the generic idea is we take user claims to store stuff. So we

Re: [Architecture] [architecture ] [IS-5.3.0] Admin forces password reset for user

2016-10-03 Thread Manjula Rathnayake
Hi all, It is not clear to me how password reset operation is valid for read-only user stores. is it a valid use case? thank you. On Tue, Oct 4, 2016 at 10:54 AM, Dimuthu Leelarathne wrote: > Hi Johann, > > Lets take the read-only case. Our current or future (C5)

Re: [Architecture] [architecture ] [IS-5.3.0] Admin forces password reset for user

2016-10-03 Thread Dimuthu Leelarathne
Hi Johann, Lets take the read-only case. Our current or future (C5) architecture does not support claims coming from two user stores. And that is ok. But ... we have this habbit of adding a claim whenever we want to do a new feature, is it a good idea to store system claim values in the internal

Re: [Architecture] [architecture ] [IS-5.3.0] Admin forces password reset for user

2016-10-03 Thread Johann Nallathamby
On Mon, Oct 3, 2016 at 1:00 PM, Manjula Rathnayake wrote: > Hi Ayesha, > > On Fri, Sep 30, 2016 at 3:17 PM, Ayesha Dissanayaka > wrote: > >> Hi all, >> >> Based on the discussions with Johann, Darshana, Isura and myself, we >> identified following use cases

Re: [Architecture] [architecture ] [IS-5.3.0] Admin forces password reset for user

2016-10-03 Thread Manjula Rathnayake
Hi Ayesha, On Fri, Sep 30, 2016 at 3:17 PM, Ayesha Dissanayaka wrote: > Hi all, > > Based on the discussions with Johann, Darshana, Isura and myself, we > identified following use cases and design concerns. > > There are three cases of Admin Forced Password Reset action, > >

Re: [Architecture] [architecture ] [IS-5.3.0] Admin forces password reset for user

2016-09-28 Thread Ayesha Dissanayaka
Hi Ishara, Thank you for the input. Having similar discussion with Darshana and Isura, I have started extending askPassword implementation with email verification flow in order trigger a password reset by capturing "update credential" event. Still, we need a mechanism to distinguish admin

Re: [Architecture] [architecture ] [IS-5.3.0] Admin forces password reset for user

2016-09-28 Thread Ishara Karunarathna
Hi Ayesha, On Tue, Sep 27, 2016 at 11:00 AM, Isura Karunaratne wrote: > Hi Ayesha, > > We can extend Ask Password feature we developed in IS 5.3.0 to support > this feature. So, we can send a confirmation email rather than an OTP. > There can be different user cases. If we think

Re: [Architecture] [architecture ] [IS-5.3.0] Admin forces password reset for user

2016-09-27 Thread Kathees Rajendram
Hi Ayesha, The similar implementation is done in authentication flow It enforces password reset for user when last password change time is exceed number of days days with compared with current day. [1] - https://github.com/wso2-extensions/identity-outbound-auth-passwordPolicy [2] -

Re: [Architecture] [architecture ] [IS-5.3.0] Admin forces password reset for user

2016-09-26 Thread Isura Karunaratne
Hi Ayesha, We can extend Ask Password feature we developed in IS 5.3.0 to support this feature. So, we can send a confirmation email rather than an OTP. Thanks Isura *Isura Dilhara Karunaratne* Senior Software Engineer | WSO2 Email: is...@wso2.com Mob : +94 772 254 810 Blog :

Re: [Architecture] [architecture ] [IS-5.3.0] Admin forces password reset for user

2016-09-26 Thread Ayesha Dissanayaka
Hi, I have created public jira IDENTITY-5166 to track this implementation. Thanks! -Ayesha On Mon, Sep 26, 2016 at 5:14 PM, Ayesha Dissanayaka wrote: > Hi, > > I have started working on [1], which forces password reset for a user