...
Every SP-authenticated principal will be given the role ShibbolethAuthN
. Additionally the attribute called "affiliation" will be queried and its values used as roles. Hence if a user logged in via the SP and the following attributes were provided
eppn : "
jdoe
"affiliation : "
member@example.org
", "student@example.org
"
The session would be have the REMOTE_USER variable set to be "jdoe" (assuming that the default settings) and the following roles:
...