...
Via Attribute Aggregation we can provide the user's team memberships in the urn:mace:dir:attribute-def:isMemberOf attribute (see Attribute schema). You will receive this as an extra attribute in the standard login flow, and it will contain the full urns of the groups this user is a member of.
...
If your application requires the knowledge of SAB-roles, we can provide them to you in the SAML login flow in the urn:mace:dir:attribute-def:eduPersonEntitlement attribute. The role will be passed in its full urn notation, e.g. urn:mace:surfnet.nl:surfnet.nl:sab:role:SURFmedia-beheerder and is multi-valued. You can also get the institution abbreviation and guid. This way, your SP does not require any separate interface to SAB to retrieve this information. See the SAB interfaces space for more information about SAB and the specific instruction for SAB via SURFconext attribuutaggregatie.
How to get it
Just contact our support team.