diff --git a/pkg/server/server.go b/pkg/server/server.go
index b59c0a634..da1b40580 100644
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -394,7 +394,7 @@ func (h *handler) authenticateEndpoint(w http.ResponseWriter, req *http.Request)
 userExtra["sessionName"] = authenticationv1beta1.ExtraValue{identity.SessionName}
 userExtra["accessKeyId"] = authenticationv1beta1.ExtraValue{identity.AccessKeyID}
 userExtra["principalId"] = authenticationv1beta1.ExtraValue{identity.UserID}
- userExtra["eks.amazonaws.com/principalId"] = authenticationv1beta1.ExtraValue{identity.UserID}
+ userExtra["sigs.k8s.io/aws-iam-authenticator/principalId"] = authenticationv1beta1.ExtraValue{identity.UserID}
 }
 json.NewEncoder(w).Encode(authenticationv1beta1.TokenReview{
diff --git a/pkg/server/server_test.go b/pkg/server/server_test.go
index e4f7a7676..350a767fd 100644
--- a/pkg/server/server_test.go
+++ b/pkg/server/server_test.go
@@ -524,12 +524,12 @@ func TestAuthenticateVerifierRoleMapping(t *testing.T) {
 "aws-iam-authenticator:0123456789012:Test",
 []string{"sys:admin", "listers"},
 map[string]authenticationv1beta1.ExtraValue{
- "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
- "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
- "sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
- "accessKeyId": authenticationv1beta1.ExtraValue{"ABCDEF"},
- "principalId": authenticationv1beta1.ExtraValue{"Test"},
- "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"},
+ "arn": {"arn:aws:iam::0123456789012:role/Test"},
+ "canonicalArn": {"arn:aws:iam::0123456789012:role/Test"},
+ "sessionName": {"TestSession"},
+ "accessKeyId": {"ABCDEF"},
+ "principalId": {"Test"},
+ "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
 }))
 validateMetrics(t, validateOpts{success: 1})
 }
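Review bot: In pkg/server/server.go the `eks.amazonaws.com/principalId` extra key is replaced outright rather than emitted alongside the new one, so any consumer of the TokenReview `extra` map that keys on the old name (an authorization webhook, an audit-log query, an admission policy) would silently stop seeing the principal ID after upgrade. Whether such consumers exist is not visible from this hunk, so the change should either keep both keys for a deprecation window or be called out as breaking in the release notes. The key is also a bare string literal here and is repeated in every expectation in server_test.go; a package-level constant such as `const principalIDExtraKey = "sigs.k8s.io/aws-iam-authenticator/principalId"` would keep the server and its tests from drifting. authenticateEndpoint starts and ends outside the hunk.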
@@ -568,12 +568,12 @@ func TestAuthenticateVerifierRoleMappingCRD(t *testing.T) {
 "aws-iam-authenticator:0123456789012:Test",
 []string{"sys:admin", "listers"},
 map[string]authenticationv1beta1.ExtraValue{
- "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
- "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
- "sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
- "accessKeyId": authenticationv1beta1.ExtraValue{""},
- "principalId": authenticationv1beta1.ExtraValue{"Test"},
- "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"},
+ "arn": {"arn:aws:iam::0123456789012:role/Test"},
+ "canonicalArn": {"arn:aws:iam::0123456789012:role/Test"},
+ "sessionName": {"TestSession"},
+ "accessKeyId": {""},
+ "principalId": {"Test"},
+ "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
 }))
 validateMetrics(t, validateOpts{success: 1})
 }
@@ -616,12 +616,12 @@ func TestAuthenticateVerifierUserMapping(t *testing.T) {
 "aws-iam-authenticator:0123456789012:Test",
 []string{"sys:admin", "listers"},
 map[string]authenticationv1beta1.ExtraValue{
- "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
- "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
- "sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
- "accessKeyId": authenticationv1beta1.ExtraValue{""},
- "principalId": authenticationv1beta1.ExtraValue{"Test"},
- "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"},
+ "arn": {"arn:aws:iam::0123456789012:user/Test"},
+ "canonicalArn": {"arn:aws:iam::0123456789012:user/Test"},
+ "sessionName": {"TestSession"},
+ "accessKeyId": {""},
+ "principalId": {"Test"},
+ "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
 }))
 validateMetrics(t, validateOpts{success: 1})
 }
@@ -660,12 +660,12 @@ func TestAuthenticateVerifierUserMappingCRD(t *testing.T) {
 "aws-iam-authenticator:0123456789012:Test",
 []string{"sys:admin", "listers"},
 map[string]authenticationv1beta1.ExtraValue{
- "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
- "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
- "sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
- "accessKeyId": authenticationv1beta1.ExtraValue{""},
- "principalId": authenticationv1beta1.ExtraValue{"Test"},
- "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"},
+ "arn": {"arn:aws:iam::0123456789012:user/Test"},
+ "canonicalArn": {"arn:aws:iam::0123456789012:user/Test"},
+ "sessionName": {"TestSession"},
+ "accessKeyId": {""},
+ "principalId": {"Test"},
+ "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
 }))
 validateMetrics(t, validateOpts{success: 1})
 }
@@ -704,12 +704,12 @@ func TestAuthenticateVerifierAccountMappingForUser(t *testing.T) {
 "aws-iam-authenticator:0123456789012:Test",
 nil,
 map[string]authenticationv1beta1.ExtraValue{
- "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
- "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
- "sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
- "accessKeyId": authenticationv1beta1.ExtraValue{""},
- "principalId": authenticationv1beta1.ExtraValue{"Test"},
- "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"},
+ "arn": {"arn:aws:iam::0123456789012:user/Test"},
+ "canonicalArn": {"arn:aws:iam::0123456789012:user/Test"},
+ "sessionName": {"TestSession"},
+ "accessKeyId": {""},
+ "principalId": {"Test"},
+ "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
 }))
 validateMetrics(t, validateOpts{success: 1})
 }
@@ -748,12 +748,12 @@ func TestAuthenticateVerifierAccountMappingForUserCRD(t *testing.T) {
 "aws-iam-authenticator:0123456789012:Test",
 nil,
 map[string]authenticationv1beta1.ExtraValue{
- "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
- "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
- "sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
- "accessKeyId": authenticationv1beta1.ExtraValue{""},
- "principalId": authenticationv1beta1.ExtraValue{"Test"},
- "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"},
+ "arn": {"arn:aws:iam::0123456789012:user/Test"},
+ "canonicalArn": {"arn:aws:iam::0123456789012:user/Test"},
+ "sessionName": {"TestSession"},
+ "accessKeyId": {""},
+ "principalId": {"Test"},
+ "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
 }))
 validateMetrics(t, validateOpts{success: 1})
 }
@@ -792,12 +792,12 @@ func TestAuthenticateVerifierAccountMappingForRole(t *testing.T) {
 "aws-iam-authenticator:0123456789012:Test",
 nil,
 map[string]authenticationv1beta1.ExtraValue{
- "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:assumed-role/Test/extra"},
- "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
- "sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
- "accessKeyId": authenticationv1beta1.ExtraValue{""},
- "principalId": authenticationv1beta1.ExtraValue{"Test"},
- "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"},
+ "arn": {"arn:aws:iam::0123456789012:assumed-role/Test/extra"},
+ "canonicalArn": {"arn:aws:iam::0123456789012:role/Test"},
+ "sessionName": {"TestSession"},
+ "accessKeyId": {""},
+ "principalId": {"Test"},
+ "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
 }))
 validateMetrics(t, validateOpts{success: 1})
 }
@@ -836,12 +836,12 @@ func TestAuthenticateVerifierAccountMappingForRoleCRD(t *testing.T) {
 "aws-iam-authenticator:0123456789012:Test",
 nil,
 map[string]authenticationv1beta1.ExtraValue{
- "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:assumed-role/Test/extra"},
- "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
- "sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
- "accessKeyId": authenticationv1beta1.ExtraValue{""},
- "principalId": authenticationv1beta1.ExtraValue{"Test"},
- "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"},
+ "arn": {"arn:aws:iam::0123456789012:assumed-role/Test/extra"},
+ "canonicalArn": {"arn:aws:iam::0123456789012:role/Test"},
+ "sessionName": {"TestSession"},
+ "accessKeyId": {""},
+ "principalId": {"Test"},
+ "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
 }))
 validateMetrics(t, validateOpts{success: 1})
 }
@@ -885,12 +885,12 @@ func TestAuthenticateVerifierNodeMapping(t *testing.T) {
 "aws-iam-authenticator:0123456789012:TestNodeRole",
 []string{"system:nodes", "system:bootstrappers"},
 map[string]authenticationv1beta1.ExtraValue{
- "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"},
- "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"},
- "sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"},
- "accessKeyId": authenticationv1beta1.ExtraValue{""},
- "principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"},
- "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"},
+ "arn": {"arn:aws:iam::0123456789012:role/TestNodeRole"},
+ "canonicalArn": {"arn:aws:iam::0123456789012:role/TestNodeRole"},
+ "sessionName": {"i-0c6f21bf1f24f9708"},
+ "accessKeyId": {""},
+ "principalId": {"TestNodeRole"},
+ "sigs.k8s.io/aws-iam-authenticator/principalId": {"TestNodeRole"},
 }))
 validateMetrics(t, validateOpts{success: 1})
@@ -931,12 +931,12 @@ func TestAuthenticateVerifierNodeMappingCRD(t *testing.T) {
 "aws-iam-authenticator:0123456789012:TestNodeRole",
 []string{"system:nodes", "system:bootstrappers"},
 map[string]authenticationv1beta1.ExtraValue{
- "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"},
- "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"},
- "sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"},
- "accessKeyId": authenticationv1beta1.ExtraValue{""},
- "principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"},
- "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"},
+ "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"},
+ "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"},
+ "sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"},
+ "accessKeyId": authenticationv1beta1.ExtraValue{""},
+ "principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"},
+ "sigs.k8s.io/aws-iam-authenticator/principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"},
 }))
 validateMetrics(t, validateOpts{success: 1})
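Review bot: The added lines in TestAuthenticateVerifierNodeMappingCRD still spell out `authenticationv1beta1.ExtraValue{...}` for every map value, while every other test hunk in this commit drops the redundant element type. Use the short form here as well, e.g. `"arn": {"arn:aws:iam::0123456789012:role/TestNodeRole"},`, so the expectations read the same across server_test.go and stay clean under `gofmt -s`. The test function starts and ends outside the hunk.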