Fix SAML2 multi-session vulnerability
This resolves an issue where Ipsilon can be requested to initiate logout
sessions for all currently open sessions, regardless of currently logged
in user.
Fixes: CVE-2016-8638
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Howard Johnson <merlin@merlinthp.org>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>