Right now we have SSO enabled and everything has been working for years now (which is hosted by discourse). I was going through SSO settings and noticed the “sso overrides email” setting and its related warning “discrepancies can occur due to normalization of local emails”. Can you explain what is meant by this warning and provide an example of such normalization? Ultimately we would like to see the primary email (local) address match the email address for SSO.
Another related question, if I kick off a sync_sso API call with this feature enabled, will the primary email address be updated without user verification?
Discourse normalizes the case of email addresses, both the domain and the username parts of the email are set to lowercase. If your SSO provider site allows for upper case letters in emails, a user could end up with uppercase letters in their SSO provider email address, and a lowercase email address on Discourse.
I am not aware of any other email normalization that is done by Discourse.
This will work if the require_activation parameter is not set to true in the SSO payload.