I had a quick look at the Drupal Discourse module. It’s not clear to me what is causing the issue, but for some reason the User Agent and Client IP are getting set to the Drupal server’s values instead of the user’s IP and User Agent during SSO login. This may be related to how the
drupal_goto method works.
One thing I noticed in the module is that it provides some functionality for displaying Discourse content on Drupal. To do this, it is making API requests to Discourse with API credentials included in the query string. This type of API authentication has been deprecated by Discourse. At some point in the near future, these types of requests will stop working. If you are using the module to display Discourse content on your Drupal site, you may need to look into this some more.
This module was last updated in 2015. There is a Drupal Discourse SSO module that has been updated more recently: https://www.drupal.org/project/discourse_sso. I think it only provides SSO functionality though. It doesn’t seem to have any code that adds Discourse content to a Drupal site.