The authentication interface description for getSpecialGroups states that the user need not be logged in, however the current implementation returns an empty list if the user is not logged in (i.e. EPerson is null) or not logged in via shib. Additionally, there is a misleading log line about adding the EPerson to special groups. This bug is distinct from those described in other tickets for the same class. I have tested the removal of these contraints and not noticed any ill effects while allowing the intended behavior of allowing shib affiliations to effect special groups authorization.