>>> Realm new user / edit user:
https://gatein.mybalsamiq.com/projects/keycloak/Realm%20new%20user
>> I am not sure if I understand correctly 'By clicking it, the fields
>> "Current password" and "New password" appear'. Does that mean that
>> to change the password, the administrator needs to know the old password of the user? I don't think
>> that it is possible, as in the underlying backend model (Picketlink) passwords are saved hashed
>> and salted, so the administrator couldn't know the original password of the user.
> So for admins we should only display the "New password" field, correct?
> Should we display "Current password" whenever the user is trying to update
> his own password?
hmm... not sure if it's necessary, as the user would have the possibility to change his
password in the Keycloak UI, but he needs to authenticate to Keycloak before he can go there,
which means that he already provided his password during Keycloak authentication. It may
also be possible that some user wants to set up his password even if he doesn't have
any "current password" (for example, if he registers with Keycloak through a social
network).
Actually this is a requirement. The prototype is here:
I guess this screen would be slightly different in case of having no password :)
Gabriel
--
Gabriel Cardoso
GateIn Portal | User Experience Designer