The short answer is that you need to complete the formalities at https://safire.ac.za/participants/sp/join/, i.e. sign the Participation Agreement (once) and give us updated metadata (for each service provider). I'm happy to deal with any specific problems out-of-band, and have previously emailed Roberto about this.
For the benefit of the broader community, the background is this: when SAFIRE was set up as a pilot, there was no governance structure and things were just added to metadata without much consideration to the longer term implications. This was probably the right thing to do initially - a technical proof of concept based on rough consensus and running code.
However, now that SAFIRE's a hub-and-spoke federation with a juristic home, we need to execute what is in effect a data processing agreement in order to be able to provide attributes. This is to primarily to ensure that SAFIRE's operators and the individual identity providers comply with South African privacy legislation (specifically the Protection of Personal Information Act, which gives force to chapter 2.6 of the Constitution).
However, there's more to it than that: the Participation Agreement is the foundation of the federation trust relationship. Even in the absence of legislation (or an architecture that made it simpler), we'd probably want people to do sign an agreement because it gives other participants peace of mind in knowing that we take our obligations as a trusted introducer and provider of curated metadata seriously. Conversely, the old ad-hoc mechanisms do the opposite and are the reason a number of universities opted out of the pilot (typically at the behest of their lawyers).
Finally, the Participation Agreement is referenced as a requirement from our Metadata Registration Practice Statement, which in turn is the basis on which we supply metadata into eduGAIN. So we've given an undertaking to that community that we won't publish metadata without executing the agreement, again speaking to trust.