diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 8068a2860b3..eaaa473b8db 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -12,7 +12,7 @@ repos:
     - id: check-yaml
     - id: debug-statements
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.4.7
+    rev: v0.4.8
     hooks:
       - id: ruff
         args: [--fix, --exit-non-zero-on-fix]
diff --git a/requirements.txt b/requirements.txt
index d101d43524e..52afca87ff8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -8,7 +8,7 @@ deepdiff==7.0.1
 dynaconf[vault]==3.2.5
 fauxfactory==3.1.1
 jinja2==3.1.4
-manifester==0.2.3
+manifester==0.2.4
 navmazing==1.2.2
 productmd==1.38
 pyotp==2.9.0
diff --git a/robottelo/hosts.py b/robottelo/hosts.py
index 838ecbcb02b..fcb01564cf3 100644
--- a/robottelo/hosts.py
+++ b/robottelo/hosts.py
@@ -2543,7 +2543,7 @@ def enroll_idm_and_configure_external_auth(self):
                 _, password = line.split(': ', 2)
                 break
         self.execute(f'ipa service-add HTTP/{self.satellite.hostname}')
-        _, domain = self.hostname.split('.', 1)
+        domain = self.execute('ipa realmdomains-show | awk \'{print $2}\'').stdout.strip()
         result = self.satellite.execute(
             f"ipa-client-install --password '{password}' "
             f'--domain {domain} '
diff --git a/tests/foreman/cli/test_oscap.py b/tests/foreman/cli/test_oscap.py
index 09aa6b00b82..c7eef1927b4 100644
--- a/tests/foreman/cli/test_oscap.py
+++ b/tests/foreman/cli/test_oscap.py
@@ -571,16 +571,24 @@ def test_positive_associate_scap_policy_with_hostgroups(self, scap_content, modu
 
             1. Oscap should be enabled.
             2. Oscap-cli hammer plugin installed.
-            3. More than 1 hostgroups
+            3. More than 1 policies assigned to hostgroups
 
         :steps:
 
             1. Login to hammer shell.
             2. Execute "policy" command with "create" as sub-command.
             3. Pass valid parameters.
-            4. Associate multiple hostgroups with policy
+            4. Associate multiple policies with hostgroup
+            5. Delete hostgroup
 
         :expectedresults: The policy is created and associated successfully.
+            Policies can be listed after hostgroup removal.
+
+        :bz: 1728157
+
+        :Verifies: SAT-19502
+
+        :customerscenario: true
 
         :Verifies: SAT-19492
 
@@ -600,6 +608,37 @@ def test_positive_associate_scap_policy_with_hostgroups(self, scap_content, modu
             }
         )
         assert scap_policy['hostgroups'][0] == hostgroup['name']
+        name2 = gen_string('alphanumeric')
+        scap_policy2 = module_target_sat.cli_factory.make_scap_policy(
+            {
+                'name': name2,
+                'deploy-by': 'ansible',
+                'scap-content-id': scap_content["scap_id"],
+                'scap-content-profile-id': scap_content["scap_profile_id"],
+                'period': OSCAP_PERIOD['weekly'].lower(),
+                'weekday': OSCAP_WEEKDAY['friday'].lower(),
+                'hostgroups': hostgroup['name'],
+            }
+        )
+        assert scap_policy2['hostgroups'][0] == hostgroup['name']
+        module_target_sat.cli.HostGroup.delete({'id': hostgroup['id']})
+        # removal of hostgroup shouldn't affect policies
+        try:
+            result = module_target_sat.cli.Scappolicy.list()
+        except CLIReturnCodeError:
+            pytest.fail("failed to list policies")
+        assert name in [policy['name'] for policy in result]
+        # check for orphaned entries
+        db_out = module_target_sat.execute(
+            'sudo -u postgres psql -d foreman -c "select * from foreman_openscap_assets"'
+        )
+        assert db_out.status == 0
+        assert "(0 rows)" in db_out.stdout
+        db_out = module_target_sat.execute(
+            'sudo -u postgres psql -d foreman -c "select * from foreman_openscap_asset_policies"'
+        )
+        assert db_out.status == 0
+        assert "(0 rows)" in db_out.stdout
 
     @pytest.mark.tier2
     def test_positive_associate_scap_policy_with_hostgroup_via_ansible(
diff --git a/tests/foreman/cli/test_ping.py b/tests/foreman/cli/test_ping.py
index 0d6b6929c25..cf5429bdabd 100644
--- a/tests/foreman/cli/test_ping.py
+++ b/tests/foreman/cli/test_ping.py
@@ -37,7 +37,7 @@ def test_positive_ping(target_sat, switch_user):
     :customerscenario: true
     """
     result = target_sat.execute(f"su - {'postgres' if switch_user else 'root'} -c 'hammer ping'")
-    assert result.stderr[1].decode() == ''
+    assert result.stderr == ''
 
     # Filter lines containing status
     statuses = [line for line in result.stdout.splitlines() if 'status:' in line.lower()]
diff --git a/tests/foreman/destructive/test_ldapauthsource.py b/tests/foreman/destructive/test_ldapauthsource.py
index 1b6aeec2701..8718b44cb87 100644
--- a/tests/foreman/destructive/test_ldapauthsource.py
+++ b/tests/foreman/destructive/test_ldapauthsource.py
@@ -69,10 +69,7 @@ def test_rhsso_login_using_hammer(
     result = module_target_sat.cli.Auth.with_user(
         username=settings.rhsso.rhsso_user, password=settings.rhsso.rhsso_password
     ).status()
-    assert (
-        f"Session exists, currently logged in as '{settings.rhsso.rhsso_user}'."
-        == result[0]['message']
-    )
+    assert f"Session exists, currently logged in as '{settings.rhsso.rhsso_user}'." in result
     task_list = module_target_sat.cli.Task.with_user(
         username=settings.rhsso.rhsso_user, password=settings.rhsso.rhsso_password
     ).list()
@@ -136,15 +133,8 @@ def test_rhsso_two_factor_login_using_hammer(
             {'username': settings.rhsso.rhsso_user, 'password': settings.rhsso.rhsso_password},
             default_sso_host.get_two_factor_token_rh_sso_url(),
         )
-        with module_target_sat.session.shell() as ssh_session:
-            ssh_session.sendline(
-                f"echo '{two_factor_code['code']}' | hammer auth login oauth "
-                f'--oidc-token-endpoint {default_sso_host.oidc_token_endpoint} '
-                f'--oidc-authorization-endpoint {default_sso_host.oidc_authorization_endpoint} '
-                f'--oidc-client-id {default_sso_host.get_oidc_client_id()} '
-                f"--oidc-redirect-uri 'urn:ietf:wg:oauth:2.0:oob' "
-                f'--two-factor '
-            )
-            ssh_session.prompt()  # match the prompt
-            result = ssh_session.before.decode()
-            assert f"Successfully logged in as '{settings.rhsso.rhsso_user}'." in result
+    # to workaround SAT-25654, fake tty using 'ssh -tt'
+    result = module_target_sat.execute(
+        f"KEYPATH=/root/$RANDOM; ssh-keygen -f $KEYPATH -N ''; cat $KEYPATH.pub >> /root/.ssh/authorized_keys; ssh -tt -i $KEYPATH -o StrictHostKeyChecking=accept-new root@localhost 'echo '{two_factor_code['code']}' | hammer auth login oauth --oidc-token-endpoint {default_sso_host.oidc_token_endpoint} --oidc-authorization-endpoint {default_sso_host.oidc_authorization_endpoint} --oidc-client-id {default_sso_host.get_oidc_client_id()} --oidc-redirect-uri 'urn:ietf:wg:oauth:2.0:oob' --two-factor'"
+    )
+    assert f"Successfully logged in as '{settings.rhsso.rhsso_user}'." in result.stdout