diff --git a/config/logins.json b/config/logins.json
index 77cf0b4cf7a473cd117f1e40092c738bb78692e8..3484047bb7ff66bb4fabb00fb68a6ecce13cc853 100644
--- a/config/logins.json
+++ b/config/logins.json
@@ -8,6 +8,8 @@
         "uid": [
           "jstiglitz"
         ],
+	"pairwise-id": "jstiglitz",
+	"subject-id": "jstiglitz",
         "eduPersonTargetedID": "bd0916qef0c2e675b2def4ahe6w50b7d4bb4aae",
         "schacHomeOrganization": "harvard-example.edu",
         "eduPersonPrincipalName": "stiglitz@harvard-example.edu",
diff --git a/metadata/saml20-idp-hosted.php b/metadata/saml20-idp-hosted.php
index a2a373ef7b6f821e7d897879d88d3d7878e20cea..0b2afb2b72484f6728dfac24a395f55fdd31c87e 100644
--- a/metadata/saml20-idp-hosted.php
+++ b/metadata/saml20-idp-hosted.php
@@ -94,14 +94,27 @@ $metadata['__DYNAMIC:1__'] = [
 	  'identifyingAttribute' => 'eduPersonTargetedId',
 	  'nameId' => TRUE,
 	],
-        8 => [
+	8 => [
+	  'class' => 'subjectidattrs:PairwiseID',
+	  'identifyingAttribute' => 'pairwise-id',
+          'scopeAttribute' => 'scope',
+	],
+	9 => [
+	  'class' => 'subjectidattrs:SubjectID',
+	  'identifyingAttribute' => 'subject-id',
+          'scopeAttribute' => 'scope',
+	],
+        15 => [
           'class' => 'core:PHP',
           'code' => '
             unset($attributes["eduPersonTargetedId"]);
+            unset($attributes["pairwise-id"]);
+            unset($attributes["subject-id"]);
+            unset($attributes["scope"]);
           ',
-        ],	
+	],
         // Convert LDAP names to urn.
-	10 => [
+	20 => [
 	  'class' => 'core:AttributeMap',
 	  'name2oid'
 	],
diff --git a/modules/customauth/www/authpage.php b/modules/customauth/www/authpage.php
index 6487068c19656dd9a24583a8cc52d0275ec8ec43..d81d71f5bf43d382ef0e3b87e1779ae7c27a79a3 100644
--- a/modules/customauth/www/authpage.php
+++ b/modules/customauth/www/authpage.php
@@ -68,6 +68,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
     $attributes = @$_POST['keys'] or [];
 
+    // Fix subject scope
+    $scope = "dummy.org";
+    if (isset($attributes['schacHomeOrganization'])) {
+        $scope = $attributes['schacHomeOrganization'];
+    } elseif (isset($attributes['eduPersonScopedAffiliation'])) {
+        $scope = explode("@", explode(",", $attributes['eduPersonScopedAffiliation'])[0])[1];
+    } elseif (isset($attributes['eduPersonPrincipalName'])) {
+        $scope = explode("@", $attributes['eduPersonPrincipalName'])[1];
+    }
+    $attributes['scope'] = $scope;
+    //SimpleSAML\Logger::warning("Attributes: " . print_r($attributes, true));
+
     foreach ($attributes as $key => $value) {
         $_SESSION['attributes'][$key] = $value;
     }