[keycloak-dev] priorities and who is available?

Gabriel Cardoso gcardoso at redhat.com
Fri Jan 24 08:41:34 EST 2014


It would be interesting to customise the UI with new colours / logo since the current style is supposed to be used for products.

Also, please let me know if we need to improve / create new stuff for the UI.

Gabriel 

On Jan 24, 2014, at 10:50 AM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Good morning Stian, on AeroGear we had a discussion about how to properly reset passwords and we have too much to improve, but here comes my 2 cents.
> 
> --  
> abstractj
> 
> On January 24, 2014 at 8:03:08 AM, Stian Thorgersen (stian at redhat.com) wrote:
>>> Some comments in-line as well.
>> 
>> ----- Original Message -----
>> 
>> I assume you're only talking about when an admin resets the password  
>> on-behalf of the user?
>> 
>> It should be simple enough to add a button to let an admin send a  
>> password reset link to a user as we already have that functionality  
>> for the user themselves. It's that what you want? We still need  
>> the option of being able to set a temp password in case the user  
>> doesn't have a email registered (or emails can't be used for whatever  
>> reason).
> 
> What concerns me about this approach is the fact that once the admin account is compromised, is possible to reset everyone’s account even if you don’t have access do the database. If users doesn’t have e-mail registered, maybe we could evaluate another confirmation method? Maybe TOTP?
> 
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

---
Gabriel Cardoso
User Experience Designer @ Red Hat

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20140124/87ea4336/attachment.html 


More information about the keycloak-dev mailing list