Azure Auth error to alias after upgrading to 2.5.8

We have a relatively simple setup (single node for UI, 3 for etcd/controlplane). Servername is wmernp01.xx.com and users log in via alias rancher.xx.com. It is configured to use Azure AD for auth. Up to 2.5.1 this worked well.
After upgrading to 2.5.8, the alias no longer works. Hitting the alias directs to Azure as normal. But after clicking Login it redirects to the email verify page shown in the image. Hitting the actual server name works as it should.
Any suggestions on why the alias would stop working? Thx.

Same here with GitHub OAuth. I first thought it would be an issue together with GitHub's change to their tokens. But it seems to be another cause.

Please try if you can access your rancher.xx.com (without the code query params etc.) after a successful Azure login. In my case with GitHub this works and a user can access Rancher as usual.

We have tried that without success. We use Azure AD for many things and logins to those apps work without issue. The Rancher UI login is the only one that shows this behavior.