I have found a workaround for a similar issue:
https://community.theforeman.org/t/actualize-sso-external-auth-from-2-1-to-2-4/22930
If you could confirm it works in your setting it would be possible to open a bugfix request backed up with some experimental data.