The workaround from Enst80 repository https://github.com/enst80/mediawiki-extensions-Auth_remoteuser worked until a recent change post mediawiki-1.35 and the current Auth_remoteuser is no longer compatible with the old patch.

Thank you for a prompt response. The experimental branch seems to be working for logins. I wonder if the logout link still needs to be enabled to clear the session cookie / log user out of mediawiki until they go back to a protected page that will trigger authentication.

Thanks for taking the task Stefan. I can tarball the old Auth_remoteuser extension code I have if needed to show that it works. Logically, it seems that this is how the current Auth_remoteuser should work as well i.e. since a user gets logged in via Special:UserLogin, which is behind SSO, and a mediawiki session is created I would expect the user to stay logged in until explicitly logged out or until a session timeout without Auth_remoteuser overriding the login status to none on pages that are not explicitly protected by SSO or it becomes impossible to edit pages or perform admin functions. Again, thank you for taking a look!

More testing by selectively adding SSO coverage to other URIs showed the same pattern, so there is a clear distinction between pages behind SSO, which show user as logged in, and pages not behind SSO, which show the user as anonymous user and present a 'Log In' URI in the upper right corner of the interface.