omniauth / omniauth-saml

A generic SAML strategy for OmniAuth
https://github.com/omniauth/omniauth-saml

Why does this middleware setup phase code work in rails 6 but not in rails 7? #231

Open leesmith opened 2 months ago

leesmith commented 2 months ago

I've got a rails 6 app using the latest versions of devise and omniauth-saml. The app allows any number of identity providers (IDP) to communicate with, so to do that I've essentially followed this blog post, which outlines how to customize the setup phase to plug in the correct IDP at runtime.

This app is not using subdomains so the main difference in my implementation is that I set the id of the IDP on the session before the app calls out to the IDP (users submit their email address and the domain gets extracted for the IDP lookup). Once the SAML assertion comes back, it grabs that IDP id out of the session in the setup phase to continue on.

The following is the rack middleware that's used in the setup phase that works in rails 6 but not in rails 7 (the line where it accesses the session). Any idea why? I even tried downgrading Rack to 2.2.9 in the rails 7 app and it still didn't work... idp_id is always just nil. Or is there a better way to do this? Thanks for any help!

```ruby
class OmniauthSamlSetup

  # Omniauth expects the class passed to setup to respond to the #call method.
  # env - Rack environment
  # This class is Rack middleware, we put it in the "lib/" directory
  def self.call(env)
    new(env).setup
  end

  def initialize(env)
    @env = env
  end

  def setup
    @env["omniauth.strategy"].options.merge!(saml_settings)
  end

  private

  def saml_settings
    # find your provider, given a subdomain or a query param
    # provider = Provider.find_by(foo: params[:bar])
    # Here the id was stored in the session before the redirect to the IDP,
    # so read it back and look the Provider record up by that id.
    idp_id = Rack::Request.new(@env).session['idp_id']
    provider = Provider.find(idp_id)
    {
      idp_cert: "-----BEGIN CERTIFICATE-----\n#{provider.cert}\n-----END CERTIFICATE-----",
      idp_sso_target_url: provider.target_url
    }
  end
end
```
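The flow described in this issue, as an added example that is not code from the issue, from the linked blog post, or from omniauth-saml: the e-mail domain is mapped to an IdP id before the redirect, the id is stored in the session, and the setup-phase object reads it back to inject that IdP's certificate and SSO URL into the strategy. Everything Rails-specific is replaced by constructed stand-ins: the `PROVIDERS` and `DOMAIN_TO_IDP` hashes stand in for a Provider table, `FakeStrategy` for the OmniAuth strategy object (only `#options` is used, as on the page), and `run_setup` for the Rack request; the session is read straight from `env["rack.session"]`, which is what `Rack::Request#session` returns. The one behaviour worth copying is the failure mode: when the session holds no usable id, the setup refuses instead of picking a default IdP, because the IdP chosen here is the one the SAML assertion will be verified against.

```ruby
# Added example; not code from the issue or from omniauth-saml.
# All data below is constructed for the example.

# Constructed stand-in for the Provider table: idp id => cert body + SSO URL.
PROVIDERS = {
  1 => { cert: "MIIC...constructed-cert-one...", target_url: "https://idp-one.example/sso" },
  2 => { cert: "MIIC...constructed-cert-two...", target_url: "https://idp-two.example/sso" },
}.freeze

# Constructed e-mail domain => idp id lookup.
DOMAIN_TO_IDP = { "one.example" => 1, "two.example" => 2 }.freeze

# Step 1 (before redirecting to the IdP): derive the IdP id from the submitted
# e-mail. Returns nil for malformed or unknown input so the caller can refuse
# rather than fall through to some default IdP.
def idp_id_for_email(email)
  return nil unless email.is_a?(String)
  local, domain = email.strip.downcase.split("@", 2)
  return nil if local.nil? || local.empty? || domain.nil? || domain.empty?
  return nil if domain.include?("@")
  DOMAIN_TO_IDP[domain]
end

# Store the id in the session only when the lookup succeeded.
def remember_idp!(session, email)
  idp_id = idp_id_for_email(email)
  session["idp_id"] = idp_id unless idp_id.nil?
  idp_id
end

class MissingIdpError < StandardError; end

# Step 2 (setup phase, run by OmniAuth on both the request and the callback):
# read the id back from the session and inject that IdP's settings.
class OmniauthSamlSetup
  def self.call(env)
    new(env).setup
  end

  def initialize(env)
    @env = env
  end

  def setup
    @env["omniauth.strategy"].options.merge!(saml_settings)
  end

  private

  # Rack::Request#session is env["rack.session"]; read it directly so the
  # example has no gem dependency.
  def session
    @env["rack.session"] || {}
  end

  def saml_settings
    idp_id = session["idp_id"]
    provider = PROVIDERS[idp_id]
    # Fail closed: with no known IdP there is nothing trustworthy to verify
    # the assertion against, so do not substitute a default.
    raise MissingIdpError, "no usable idp_id in session (#{idp_id.inspect})" if provider.nil?
    {
      idp_cert: "-----BEGIN CERTIFICATE-----\n#{provider[:cert]}\n-----END CERTIFICATE-----",
      idp_sso_target_url: provider[:target_url],
    }
  end
end

# Minimal stand-in for the OmniAuth strategy: only #options is needed.
class FakeStrategy
  attr_reader :options
  def initialize
    @options = {}
  end
end

# Build a Rack-style env around a session hash, run the setup phase, and
# return the strategy options it produced.
def run_setup(session)
  strategy = FakeStrategy.new
  env = { "rack.session" => session, "omniauth.strategy" => strategy }
  OmniauthSamlSetup.call(env)
  strategy.options
end

if __FILE__ == $PROGRAM_NAME
  session = {}
  remember_idp!(session, "Alice@One.example")
  p run_setup(session)
  begin
    run_setup({}) # models a callback that arrived without the session
  rescue MissingIdpError => e
    puts "refused: #{e.message}"
  end
end
```

When debugging an empty session that appears only on the callback, one general point to check is cookie scope: the IdP delivers the SAML response as a cross-site POST, and a session cookie issued with SameSite=Lax is not sent on cross-site POST requests, so the callback request would see a fresh session. Whatever the cause, the refusal above keeps a missing id from silently selecting the wrong IdP.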
leesmith commented 2 months ago

More logging info:

```ruby
Rails.logger.info("::::::::::: RACK SESSION") { @env["rack.session"].inspect }
```

produces:

```text
INFO -- ::::::::::: RACK SESSION: [0e97bc23-110b-48c5-8049-6591c7727feb] #<ActionDispatch::Request::Session:0x14938 not yet loaded>
```