...
An Identity Provider is NOT REQUIRED to release a persistent, non-reassigned, non-targeted identifier to a given R&S Service Provider unless one or more of eduPersonPrincipalName, eduPersonUniqueId, or eduPersonTargetedID is listed in Service Provider metadata using <md:RequestedAttribute> , regardless of the presence or lack of isRequired. Similarly, an Identity Provider is NOT REQUIRED to release any other R&S attribute (mail, displayName, givenName, or sn) unless that attribute is listed in Service Provider metadata using <md:RequestedAttribute> , regardless of the presence or lack of isRequired.
Any other attribute listed in Service Provider metadata is out of scope with respect to this specification.
...