Drupal has a built-in status setting for users - blocked or active. When a shibboleth user is blocked, they can still log in but see the following message
Notice: Undefined property: stdClass::$cache in DrupalDatabaseCache->prepareItem() (line 422 of /path/to/drupal/includes/cache.inc)..
They may also see links and tabs implying they can edit or carry out administrative tasks, but when they click them they get the Access Denied page.
Expected behavior is that shib_auth will respect this setting, perhaps showing the user a "you are not authorized to login" message. If this is not possible, add a warning to the status field on user edit form stating that the status setting is only partially effective for shibboleth users. And mention this fact in the documentation.