Realm new user / edit user: https://gatein.mybalsamiq.com/projects/keycloak/Realm%20new%20user
I am not sure if I understand correctly 'By clicking it, the fields "Current password" and "New password" appear'. Does that mean that to change password administrator needs to know old password of user? I don't think that it is possible as in underlying backend model (Picketlink) are passwords saved hashed and salted, so administrator couldn't know the original password of user.
So for admins we should only display the "New password" field, correct? 
Should we display "Current password" whenever the user is trying to update his own password?
hmm... not sure if it's necessary as user would have possibility to change his password in Keycloak UI, but he needs to authenticate to Keycloak before he can go there, which means that he already provided his password during Keycloak authentication. It may be also possible that some user wants to setup his password even if he doesn't have any "current password" (For example if he register to Keycloak through social network)
Actually this is a requirement. The prototype is here: https://gatein.mybalsamiq.com/projects/keycloak/Linda%20change%20password
I guess this screen would be slightly different in case of having no password :)

Gabriel

--
Gabriel Cardoso
GateIn Portal | User Experience Designer