I also opened a support ticket on this, but hoping to figure out at least a workaround as our live site is broken now.
I have a custom login page indicated under the site settings under "Address for public users login". This is a custom ASPX page. If a page has permissions set that the user must be authenticated to view, Sitefinity redirects to this custom login page which is set to require authentication by Shibboleth(SAML). Once the person logs in, the page load runs on that custom login page, which includes the SecurityManager line to login/authenticate in Sitefinity. This was working under Sitefinity 11.0 but I recently upgraded to Sitefinity 12.2 and it is not working correctly. I can see that I am being redirected to the login page, I can see that the external Shibboleth login is working correctly, and then it gets to this line of code:
UserLoggingReason result = SecurityManager.AuthenticateUser("Default", userID, "xxx", false);
The UserLoggingResult is "UserLoggingReason.Success" and the next step redirects back to the original page that the user was going to. At this point, the failure happens. Sitefinity goes to the page and does not register that the user is logged in and the whole redirect to the logging page happens. This goes into an infinite loop and errors.
An important point, at this point if you go to the original URL manually in the browser it WILL actually load. Sitefinity knows that the user is logged in. So the authentication worked, but for some reason it did not register on the initial redirect back. I am at a loss for how to troubleshoot this.
Support got back to me that the "AuthenticateUser" method is being deprecated and I should replace it with a call to "SkipAuthenticationAndLogin". It looks like this is working better.