The first site will be given the host name
Roles based Authentication
The way in which Roles base Authentication works in IIS means that a valid REMOTE_USER must be specified. This allows the plugin to provide a Principal which hcan be interrogated for roles.
Every SP-authenticated principal will be given the role
ShibUser. Additionally the attributes 'ePa' and 'ePsa' will be queried and their values used as roles. Hence if a user logged in via the SP and the following attributes were provided