We’re using an in-house SSO provider which authenticates against LDAP. We’ve extended the core functionality so that, when the user authenticates, the provider retrieves a list of groups from Discourse and then populates the add_groups and remove_groups based on that list of groups combined with group membership in LDAP.
In order for that to work with multiple Discourse sites, the SSO provider needs to know the URL of the Discourse site that is requesting the authentication.
I did have this working by retrieving the HTTP_REFERER value but the referer field is no longer being populated for some reason. As a result, I’m now have to run two SSO providers running identical code.
I don’t think that Discourse provides the site URL when calling the SSO provider, and I can’t think of another way for the SSO provider to get the site URL if referer isn’t being populated.
Would it be possible to extend the Discourse SSO specification so that the site URL is provided to the SSO provider?