...
Multivalued attributes that has different values for different services shall should not be requested via metadata, example examples of such attributes are eduPersonEntitlement, norEduPersonLIN and schacPersonalUniqueCode. The reason for this is that an Identity Provider may unintensional release sensitive information to services that are not eligable for these values.
...