group validation should fail if group no longer exists

[tl-adrian-bridgett]

If group validation is enabled (with my fix for #125) then if the group is deleted, the user is still allowed in as the cache is not updated.

I think we should be playing very safe here and failing. This also applies for nested groups.

There is a log message:

 {"error":"GROUP_NOT_FOUND","level":"error","msg":"error updating fill cache","service":"sso-authenticator",...

Version: master with PR 275 and PR 280 applied

[Jusshersmith]

Hey @tl-adrian-bridgett! Thanks for submitting this!

I'm working on this PR which should help here -- when the cache refreshes (based on a TTL) and it can't find a group, that group is removed from the cache.