Refactoring and improvements of the accesslib.php library including prevention of access for not-logged-in users when forcelogin enabled, improved context caching, OOP refactoring of contexts, fixed context loading, deduplication of role definitions in user sessions, installation improvements, decoupling of enrolment checking from capability loading, added detection of deleted and non-existent users in has_capability(), new function accesslib test, auth and enrol upgrade notes.
More details are available in tracker subtasks.
Most of this code should be replaced with complete_user_login() but it
does a few odd things, so we'll play it safe for now, specially since
I don't have a Shib setup to test...