...
In this configuration, the ePTID and ePPN attributes are computed by the Gateway as follows. The ePPN computed by the Gateway is:
ePPN: user+gmail.com@google.gatewaycom@gateway.incommon.org
The ePTID is set to the following triple:
...
To avoid such a configuration (which defeats the purpose of scoped attributes), in Configuration 2 the Gateway can assert an ePPN with a fixed scope (such as “@google.gateway“@gateway.incommon.org”). In this case, no configuration at the SP is necessary since the SP performs normal scoped attribute checking based on a fixed set of <shibmd: Scope> elements in Gateway metadata. In the above example, there will be one such <shibmd: Scope> element in Gateway metadata, namely:
<shibmd:Scope regexp="false">google.gateway>gateway.incommon.org</shibmd:Scope>
...