Most of the context is in the title.
We are in the process of making some changes to the SSO login. The result is that a user can login without a redirecting away from the discourse site.
This is achieved by opening an iframe to the sso provider. And then only redirecting to the sso_login url once that frame has returned a token.