...

Like all IdPs, a discoverable IdP has an unspecified attribute release policy subject to local policy constraints. That said, an IdP easily satisfies the basic requirements of discoverability by releasing the following minimal attribute bundle to all SPs:

User Name identifier: SAML2 Transient NameID
User attribute: eduPersonScopedAffiliation

...

The following bundle includes a persistent, non-reassigned identifier targeted at a specific SP:

User Name identifier: SAML2 Persistent NameID
User attribute: eduPersonScopedAffiliation

...

Speaking of eduPersonTargetedID, the following bundle is equivalent to the above:

User Name identifier: SAML1 Transient NameIdentifier
User attribute #1: eduPersonTargetedID
User attribute #2: eduPersonScopedAffiliation

...

The following bundle includes a relatively easy-to-deploy persistent, non-reassigned identifier:

User Name identifier: SAML2 Transient NameID
User attribute #1: eduPersonUniqueId
User attribute #2: eduPersonScopedAffiliation

...

For IdPs that already deploy eduPersonPrincipalName, the following attribute bundle may be simplest:

User Name identifier: SAML2 Transient NameID
User attribute #1: eduPersonPrincipalName (if non-reassigned)
User attribute #2: eduPersonScopedAffiliation

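As an added example (not code from the original page), the following Python checker parses a SAML2 assertion and reports whether it carries the minimal discoverability bundle (transient or persistent NameID plus eduPersonScopedAffiliation) and which persistent, non-reassigned identifier, if any, it includes; it matches attributes on their OID Name rather than the informational FriendlyName. The sample assertion, the OID table and the eppn_non_reassigned flag are constructed or assumed here, and the SAML1 NameIdentifier bundle is not covered.

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# eduPerson attributes keyed by their SAML2 Name (OID form). FriendlyName is
# informational only, so the checker matches on Name, never on FriendlyName.
OIDS = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.13": "eduPersonUniqueId",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
}

def check_bundle(assertion_xml, eppn_non_reassigned=False):
    """Report which discoverability bundle a SAML2 assertion satisfies.
    eppn_non_reassigned is a local-policy fact not visible in the assertion:
    only a non-reassigned eduPersonPrincipalName counts as persistent."""
    ns = {"saml": SAML2}
    root = ET.fromstring(assertion_xml)
    nameid = root.find("./saml:Subject/saml:NameID", ns)
    fmt = nameid.get("Format") if nameid is not None else None
    attrs = {OIDS.get(a.get("Name"), a.get("Name"))
             for a in root.iterfind("./saml:AttributeStatement/saml:Attribute", ns)}
    persistent_ids = ["SAML2 Persistent NameID"] if fmt == PERSISTENT else []
    persistent_ids += [n for n in ("eduPersonTargetedID", "eduPersonUniqueId") if n in attrs]
    if "eduPersonPrincipalName" in attrs and eppn_non_reassigned:
        persistent_ids.append("eduPersonPrincipalName")
    return {
        "nameid_format": fmt,
        "attributes": sorted(attrs),
        # minimal bundle: transient or persistent NameID plus eduPersonScopedAffiliation
        "minimal_bundle": fmt in (TRANSIENT, PERSISTENT) and "eduPersonScopedAffiliation" in attrs,
        "persistent_ids": persistent_ids,
    }

# Constructed sample: transient NameID plus eduPersonUniqueId and
# eduPersonScopedAffiliation (the eduPersonUniqueId bundle above); values are placeholders.
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML2}" Version="2.0" ID="_placeholder">
  <saml:Subject><saml:NameID Format="{TRANSIENT}">_transient-placeholder</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" FriendlyName="eduPersonUniqueId">
      <saml:AttributeValue>user@example.edu</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" FriendlyName="eduPersonScopedAffiliation">
      <saml:AttributeValue>member@example.edu</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
```

Running `check_bundle(SAMPLE)` reports the minimal bundle as satisfied with eduPersonUniqueId as the persistent identifier; swapping the NameID format to persistent adds the SAML2 Persistent NameID to that list.
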
...