Katello & FreeIPA Integration puzzle

Foreman/Katello & FreeIPA Integration working partially.
Specifically, I can login in the UI by using username and password for IPA users. But, the kerberos authentication and group mapping are not working. I get this kerberos error (obviously having a kerberos ticket via kinit already in place):

**Kerberos Authentication did not pass**

The most important issue is the fact that the group mapping is not working and thus, all authenticated users basically see an empty, useless Katello interface (only the Bookmarks and and empty Task list).

Can someone help me to configure it?

Expected outcome:
Kerberos Authentication should work and group mapping should work.

Foreman and Proxy versions: 1.17.4

Foreman and Proxy plugin versions:

Other relevant data:
I have a Katello server which is already a FreeIPA client.
I want to manage Katello with FreeIPA groups and HBAC rules. Since the server is already a freeipa client, I did the following:

foreman-installer --foreman-ipa-authentication=true
katello-service restart

Both commands were successful.
Then, I created the relevant group:

hammer user-group create --name KatelloGroup
hammer user-group external create katello-adms --user-group KatelloGroup --auth-source-id 3
hammer user-group update --name KatelloGroup --admin true
hammer user-group update --name KatelloGroup --roles Manager

I verified in the database the the external source is the id 3.
On the FreeIPA Server I have configured a new user group and a relevant HBAC as:

 ipa group-show katello-adms 
  Group name: katello-adms
  Description: Ketello Administrators
  GID: 690200065
  Member users: ptselios
  Member of HBAC rule: Katello-Server

The HBAC rule is:

ipa hbacsvc-show katello
  Service name: katello
  Description: Katello Services

ipa hbacrule-show Katello-Server
  Rule name: Katello-Server
  Description: HBAC rule that controls access the the Katello server
  Enabled: TRUE
  User Groups: katello-adms
  Hosts: katello-server.example.com
  Services: katello