External login removes user from usergroup

Problem: I just upgraded to foreman 2.2 and it seems that after I modify the HTTP_REMOTE_USER to REMOTE_USER and I manage to login into foreman my user is getting removed from the User group in which it should be according to my AD group.
The only rights that are left are those who were manually added in foreman WebUI. It seems like it’s not looking anymore at group data received from AD

Expected outcome:
Login with user and keep the user in usergroup

**Foreman and Proxy versions:**2.2.3

Foreman and Proxy plugin versions:

Distribution and version: CentOS 7

Other relevant data:
I looked into logs but did not manage to find any relevant data on which headers are being received to see if maybe the group header is not received. Any ideea of where should I look next?
Many thanks

Note: I am using EXTERNAL login with SSO SAML with mod_mellon and not LDAP

After some more digging I have not yet figured it out, maybe headers for users are not passed to Puma?

I tried updating to 2.5 with Puma and my SSO login fails every time, I cannot even log in using SSO, not to mention the previous issue.
I get redirected when entering /users/extlogin to the external login page but after I login it falls back to /users/login

I tried setting HTTP_REMOTE_USER header as in lookup_identity.conf since I do not use FreeIPA, thought maybe it was an env var issue, but no luck. I checked the vars that are set in my mellon config.

Anyone has any thoughts?

I remember there were changes of headers passing after we moved from passenger to puma deployment, which uses ProxyPass in Apache. @ekohl may remember or have some pointers.

The next step I will try to make is to use mod_openidc instead of mod_mellon to enable SSO login and reconfig the server as explained in the official docs and to see if the problem persists is still there