Use Entitlements rather than group memberships
According to https://aarc-project.eu/guidelines/aarc-g002
Also add to the feudal docs, that the eduperson_entitlement scope needs to be requested.
-
Unity: Add config option to strip the "/" prefix from groups (also ignore the "/" group) -
Config: configure if an idp is using groups / entitlements -
Config: configure which field of the userinfo contains that information -
Entitlements: Only use the "main" group of a VO not its subgroups: (e.g: from [:m-team,:m-team:old-geezers] only use :m-team)