Actualize SSO External auth from 2.1 to 2.4

my bad I was uncareful to update from foreman-2.1, to 2.2, next to 2.3 and finally foreman-2.4. I forgot to test authetication so I am unable to bisect the trouble. The authentication setup with External Auth REMOTE_USER - based that worked great on foreman-2.4 does not.

On apache2 log file REMOTE_USER is populated: - [29/Mar/2021:15:38:26 +0200] “GET /users/extlogin HTTP/1.1” 302 104 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:87.0) Gecko/20100101 Firefox/87.0”

But foreman logs:
2021-03-29T13:10:38 [I|app|140976a6] Started GET “/users/extlogin” for at 2021-03-29 13:10:38 +0200
2021-03-29T13:10:38 [I|app|140976a6] Processing by UsersController#extlogin as HTML
2021-03-29T13:10:38 [W|app|140976a6] SSO failed
2021-03-29T13:10:38 [W|app|140976a6] falling back to login form
2021-03-29T13:10:38 [I|app|140976a6] Redirected to

Expected outcome:
Should accept SSO authenticate user without redirection to LDAP login page.

Foreman and Proxy versions:
foreman 2.4.0-1
foreman-proxy 2.4.0-1

Foreman and Proxy plugin versions:

Distribution and version:
Debian GNU/Linux 10 (buster)

Other relevant data:
apache2 with mod_passenger
External Auth is SAML2 (but it shouldn’t be relevant at all, in my opinion)
Might be related to Bug #30739: CVE-2020-14380: Users can gain elevated rights when logging in with SSO accounts - Foreman ?

To solve quickly the issue, just replace HTTP_REMOTE_USER with REMOTE_USER twice. One time in app/services/sso/apache.rb and another time in app/controllers/application_controller.rb.

Of course you could craft your apache2 to deliver a HTTP_REMOTE_USER to foreman, but this is beyond my skills.