Clarify Group SAML user identity updates

As previously implemented the code was technically buggy and
could cause confusion in the future. That is because the call
to self.identity, if an update were necessary, would fail to
update user identities association and would not be auto-saved.
Actually, it wouldn't be possible for the identity to be found
in this manner if the extern_uid had changed. Make it clearer
by using a guard to indicate nothing is happening in this case.

Changelog: fixed

ee/changelogs/unreleased/dblessing_saml_user_identity_fix.yml

+---
+title: Remove unncessary group SAML identity assignment
+merge_request:
+author:
+type: fixed

ee/lib/gitlab/auth/group_saml/user.rb

@@ -84,10 +84,10 @@ module Gitlab
         override :add_or_update_user_identities
         def add_or_update_user_identities
           return unless gl_user
+          return if self.identity # extern_uid hasn't changed
 
-          identity = self.identity
           # find_or_initialize_by doesn't update `gl_user.identities`, and isn't autosaved.
-          identity ||= gl_user.identities.find { |identity| identity.provider == auth_hash.provider && identity.saml_provider_id == @saml_provider.id }
+          identity = gl_user.identities.find { |identity| identity.provider == auth_hash.provider && identity.saml_provider_id == @saml_provider.id }
           identity ||= gl_user.identities.build(provider: auth_hash.provider, saml_provider: @saml_provider)
 
           identity.extern_uid = auth_hash.uid