Check that the principal’s realm matches IPA realm if present
ipaserver.plugins.service.validate_auth_indicator
ipaserver.plugins.service.service