bugfix: Allow only valid auth sources in MultiAuth.

The configuration of the MultiAuth authentication source specifies the auth sources that the user is presented with when asked for authentication. However, there was no proper check for the auth source selected by the user to ensure it is one of those allowed for MultiAuth.