IDP Breaking Change in 8.1.2 AD/AD Hybrid Failover

The changes in 8.1.2 indeed would break the workaround we came up with back then, unfortunately.

The only other workaround that comes to mind is something recently discussed here: IdP/Database Hybrid

In short: you can use an expression attribute mapper that invokes a Jython script to fetch the user's roles from the pure AD source, given the username returned in the OIDC token claims.

Let me know if that helps.