Overview

The PasswordReset module is the main module of the Password Reset application.

SAML assertion parameters

When authentication is performed through a SAML IdP, the following received data can be of interest to the PasswordReset module (use, for example, SAML-tracer to inspect the incoming SAML data):

  • Subject (NameID): Holds the value of the user that logged in. Use request.user_name to reference it in a PIPE.

  • display_name: The PasswordReset module can also use this attribute if it is available. It is used, for example, by the avatar in the Password Reset application to display the user name. Use request.display_name to reference it in a PIPE.

  • email: The PasswordReset module can also use this attribute if it is available. Use request.email to reference it in a PIPE.

  • on_behalf_of_user_name: Use request.on_behalf_of_user_name to reference it in a PIPE.

  • on_behalf_of_display_name: Use request.on_behalf_of_display_name to reference it in a PIPE.

  • on_behalf_of_email: Use request.on_behalf_of_email to reference it in a PIPE.

  • pwd_last_set: To prevent users from resetting the password multiple times in a row, you can (as in AD) add a time value in days that specifies how long the user must wait before resetting again. This parameter uses the value below and pwdLastSet to determine when to prompt the user. If this parameter is not present, the evaluation is done after the user tries to reset the password.

  • pwd_last_set_allowed_days: Use pwd_last_set_allowed_days together with pwd_last_set to make an early check of time restrictions.
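
The following Python code is an added example, not code from the Password Reset application. It extracts the parameters listed above from a constructed, unsigned sample assertion of the kind SAML-tracer displays, then performs the early time check. Assumptions: the SAML attribute names equal the names in the list, pwd_last_set carries the AD pwdLastSet FILETIME value (100 ns ticks since 1601-01-01 UTC), and the function names request_params and reset_allowed are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names listed on this page; the NameID is stored as user_name.
ATTRS = ["display_name", "email", "on_behalf_of_user_name",
         "on_behalf_of_display_name", "on_behalf_of_email",
         "pwd_last_set", "pwd_last_set_allowed_days"]

# Constructed sample assertion (unsigned, for inspection only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="display_name"><saml:AttributeValue>Alice Example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="pwd_last_set"><saml:AttributeValue>133485408000000000</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="pwd_last_set_allowed_days"><saml:AttributeValue>2</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def request_params(assertion_xml):
    """Return the NameID and the listed attributes present in the assertion."""
    root = ET.fromstring(assertion_xml)
    out = {}
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is not None and name_id.text:
        out["user_name"] = name_id.text.strip()
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        if attr.get("Name") in ATTRS and value is not None and value.text:
            out[attr.get("Name")] = value.text.strip()
    return out

def reset_allowed(params, now):
    """Early time check; None when the IdP did not send both values."""
    try:
        ticks = int(params["pwd_last_set"])  # assumed FILETIME ticks
        days = int(params["pwd_last_set_allowed_days"])
    except (KeyError, ValueError):
        return None  # no early check possible with this assertion
    epoch_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
    last_set = epoch_1601 + timedelta(microseconds=ticks // 10)
    return now >= last_set + timedelta(days=days)
```

A None result corresponds to the case described above where pwd_last_set is not present and the evaluation happens only after the user tries to reset the password.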