# Overview

### SAML assertion parameters

When an authentication is made using a SAML IdP the data received that can be of interest by the PasswordReset module are:\
\&#xNAN;*(use for example SAML-tracer to see the incoming SAML data)*

* **Subject (NameID)** Holds the value of the user that logged in. \
  \&#xNAN;*Use **request.user\_name** if you like to use it in a PIPE.*
* **display\_name**. PasswordReset module could also use this attribute if available. This will for example be used by the avatar in Password Reset application to display the user name.\
  \&#xNAN;*Use **request.display\_name** if you like to use it in a PIPE.*
* **email**. PasswordReset module could also use this attribute if available.\
  \&#xNAN;*Use **request.email** if you like to use it in a PIPE.*
* **on\_behalf\_of\_user\_name**\
  \&#xNAN;*Use **request.on\_behalf\_of\_user\_name** if you like to use it in a PIPE.*
* **on\_behalf\_of\_display\_name**\
  \&#xNAN;*Use **request.on\_behalf\_of\_display\_name** if you like to use it in a PIPE.*
* **on\_behalf\_of\_email**\
  \&#xNAN;*Use **request.on\_behalf\_of\_email** if you like to use it in a PIPE.*
* **pwd\_last\_set**\
  To prevent users to reset the password multiple times in a row you can (like you can in AD) add a time (days) value to specify how long he/she needs to wait before resetting again. This parameter will use the value below and pwdLastSet to figure out when to prompt the user. If this parameter is not present the valuation will be done after the user tries to reset its password.
* **pwd\_last\_set\_allowed\_days**\
  Use **pwd\_last\_set\_allowed\_days** together with **pwd\_last\_set** to make an early check of time restrictions.