We've been working on integrating WordPress Multiuser with our Shibboleth authentication process here at Johns Hopkins University for the last four months, off and on. I've combed through the plugin, line by line, and understand how it works rather well at this point.
For some reason, even though
shibboleth_authenticate_user() is passing back a valid
WP_User object, which gets passed back to
shibboleth_authenticate(), which passes it back to the
authenticate filter, the user still gets dropped back at wp-login.php and is asked to enter a WordPress username and password.