[BUG] Redirect URL errors when configured behind nginx proxy

[agiatic]

With CKAN configured behind an Nginx proxy, and using Azure App Proxy in front, there is strange url redirect behavior on protected urls, such as /ckan_admin. If CKAN is configured to have ckan.site_url = https://azureappproxyurl, it mostly works, but then CKAN can't really be used directly from the Nginx proxy url, and certain urls behave strangely (again /ckan_admin - mostly URLs that do security checks). If CKAN is configured to have ckan.site_url = https://nginxproxyurl, it works, but then CKAN can't really be used from the Azure App Proxy, which is the main use case.

The solution I found that seems to work:

1. Add a new configuration parameter called 'ckanext.saml2auth.siteurl'
2. Modify spgonfig.py line 33 from
   base = ckan_config.get('ckan.site_url')
   to
   base = ckan_config.get('ckanext.saml2auth.siteurl', ckan_config.get('ckan.site_url'))
3. Modify helpers.py line 120 from
   site_url = toolkit.config.get('ckan.site_url')
   to
   site_url = toolkit.config.get('ckanext.saml2auth.siteurl', toolkit.config.get('ckan.site_url'))

Then, set ckanext.saml2auth.siteurl = https://azureappproxyurl and ckan.site_url = https://nginxproxyurl

It seems to work well.
Please advise if this is an okay solution.

CKAN 2.10.4
NGINX 1.25.4
Windows Server 2022
ckanext-saml2auth 1.3.0