fix shibboleth misconfigurations resulting in authentication bypass
This merge request fixes #22267 (closed) where a misconfigured Shibboleth HTTP_UID or HTTP_EPPN could result in users being logged into an account that did not belong to them.
This merge request fixes #22267 (closed) where a misconfigured Shibboleth HTTP_UID or HTTP_EPPN could result in users being logged into an account that did not belong to them.