fix shibboleth misconfigurations resulting in authentication bypass
This merge request fixes #22267 (closed) where a misconfigured Shibboleth HTTP_UID
or HTTP_EPPN
could result in users being logged into an account that did not belong to them.
This merge request fixes #22267 (closed) where a misconfigured Shibboleth HTTP_UID
or HTTP_EPPN
could result in users being logged into an account that did not belong to them.