Steps to reproduce:
- make sure you exhaust the maximum session limit by creating as many sessions as you can
- try to authenticate as amadmin
This should be successful, as amAdmin should be always able to authenticate even when the maximum session limit is reached.
The bug is in InternalSession#activate, the superUserDN starts with uid, not with id like any normal uuid would. The solution should be to replace the string comparison with calling sessionservice.isSuperUser() instead.