Comment 4 for bug 1442787

If we can't guarantee username is unique for a given IdP, that means audit trail and non-repudiation is likely broken as well. Though at the SP side, an IdP is effectively map into a domain as domain own the user group.

A good side-effect from the above change would give us the ability to setup a single mapping for multiple domains. :)