Previously, the `PreauthUserDetailsProvider` was only checking that a
valid Shib session existed by looking for the regular or HTTP Shib
session header. This check is now strengthened by validating the
correct header exists for the correct instance.