It would be interesting to customise the UI with new colours / logo since the current style is supposed to be used for products.

Also, please let me know if we need to improve / create new stuff for the UI.

Gabriel 

On Jan 24, 2014, at 10:50 AM, Bruno Oliveira <bruno@abstractj.org> wrote:

Good morning Stian, on AeroGear we had a discussion about how to properly reset passwords and we have too much to improve, but here comes my 2 cents.

--  
abstractj

On January 24, 2014 at 8:03:08 AM, Stian Thorgersen (stian@redhat.com) wrote:
Some comments in-line as well.

----- Original Message -----

I assume you're only talking about when an admin resets the password  
on-behalf of the user?

It should be simple enough to add a button to let an admin send a  
password reset link to a user as we already have that functionality  
for the user themselves. It's that what you want? We still need  
the option of being able to set a temp password in case the user  
doesn't have a email registered (or emails can't be used for whatever  
reason).

What concerns me about this approach is the fact that once the admin account is compromised, is possible to reset everyone’s account even if you don’t have access do the database. If users doesn’t have e-mail registered, maybe we could evaluate another confirmation method? Maybe TOTP?

_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev

---
Gabriel Cardoso
User Experience Designer @ Red Hat