Not all browsers support Single-Sign-On to a RDSH-Session from Web-Access. To test this make sure that you put your RD-WebAccess URI into the intranet site zone and use Internet Explorer instead of an alternative browser. If SSO works there, your configuration is correct.
Our RDSH-Farms works fine with SSO. We have https://*.ourdomain.com in the trusted sites list, defined as intranet site, and put a link to RD-Webaccess on the users desktop, which opens with Internet Explorer.
Alternatively, if you just need a full Session for your end-users, and not other features of WebAccess, you could skip RD-WebAccess and just use a direct RDP-Connection. Download the .rdp file from Web Access and deploy it to your endusers.
You could try deploying RD-Webclient which should be included in Server 2019 RDSH-Deployments. This will allow you to have the RD-Session directly inside the browser (HTML5-capable browser only). It should work with all modern browsers, on PC, Mac, Tablets and Phones. Also this does not need a double-authentication so it would solve your particular problem as well.