Using the origin parameter as originally documented by OmniAuth causes an error when attempting to authenticate with some IDPs, specifically Google as an IDP via a custom SAML 2.0 app integration. Initiating the SAML request with a URL containing an origin param raises an invalid ticket error from the Ruby SAML gem.
So a request URL such as the following: https://test-app.com/auth/saml/2/callback?origin=something
Gives the following error on receipt of the SAML response from Google:
Authentication failure! invalid_ticket: OneLogin::RubySaml::ValidationError, The status code of the Response was not Success, was Requester => RequestDenied -> Invalid request, ACS Url in request `https://test-app.com/auth/saml/2/callback?origin=something` doesn't match configured ACS Url `https://test-app.com/auth/saml/2/callback`.
HTTP Origin header (https://accounts.google.com) didn't match request.base_url (https://test-app.com/)
Fortunately, a simple solution is to submit the parameter in the request body instead. I have created a pull request for the main OmniAuth gem to reflect that this is possible now that all authentication requests are supposed to use POST. I am flagging the issue here in case others end up searching for the problem, and also to offer to provide some origin parameter documentation in a pull request to this gem if you think it would be beneficial.
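The mechanism behind the failure and the workaround, as an added example that is not part of the original issue or of the omniauth-saml gem. It models two things the report touches: OmniAuth derives the callback URL (and therefore the default ACS URL) from the incoming request including its query string, so `?origin=...` leaks into the AuthnRequest and fails the IdP's exact ACS URL comparison; and OmniAuth reads `origin` from `request.params`, which in Rack merges query and POST-body parameters, so a hidden form field keeps the URL clean while still landing in `session['omniauth.origin']`. The URLs, paths and session handling below are simplified assumptions for illustration, not the gem's code:

```ruby
require 'uri'
require 'cgi'

# Constructed values for this illustration; a real app takes these from its
# omniauth-saml configuration and the IdP's registered app settings.
CONFIGURED_ACS_URL = 'https://test-app.com/auth/saml/2/callback'.freeze
CALLBACK_PATH      = '/auth/saml/2/callback'.freeze
REQUEST_PATH       = '/auth/saml/2'.freeze

# The IdP compares the AssertionConsumerServiceURL carried in the AuthnRequest
# with the ACS URL registered for the app. The comparison is exact, so any
# query string on the request side is enough to produce RequestDenied.
def acs_url_matches?(configured, requested)
  configured == requested
end

# Modelled on how OmniAuth builds callback_url: host + callback path + the
# query string of the current request. This is why ?origin=something ends up
# inside the ACS URL sent to the IdP.
def acs_url_from_request(base_url, callback_path, query_string)
  url = URI.join(base_url, callback_path).to_s
  query_string.to_s.empty? ? url : "#{url}?#{query_string}"
end

# Request phase (simplified): OmniAuth takes `origin` from request.params,
# which Rack populates from both the query string and a form-encoded POST
# body, falling back to the Referer header, and stores it in the session.
def request_phase(session, params:, referer: nil)
  origin = params['origin'] || referer
  session['omniauth.origin'] = origin if origin
  session
end

# Callback phase (simplified): the stored origin is moved out of the session
# into the Rack env, where the app's callback action reads
# request.env['omniauth.origin'] to decide where to redirect after login.
def callback_phase(session, env = {})
  env['omniauth.origin'] = session.delete('omniauth.origin')
  env
end

# The login form the app renders: origin travels as a hidden field in the POST
# body, so the request URL, and the ACS URL derived from it, stays unchanged.
# The CSRF token field is included because the request phase is a POST.
def saml_login_form(request_path, origin, authenticity_token)
  <<~HTML
    <form method="post" action="#{CGI.escapeHTML(request_path)}">
      <input type="hidden" name="authenticity_token" value="#{CGI.escapeHTML(authenticity_token)}">
      <input type="hidden" name="origin" value="#{CGI.escapeHTML(origin)}">
      <button type="submit">Sign in with SAML</button>
    </form>
  HTML
end

if __FILE__ == $PROGRAM_NAME
  broken = acs_url_from_request('https://test-app.com', CALLBACK_PATH, 'origin=something')
  clean  = acs_url_from_request('https://test-app.com', CALLBACK_PATH, '')
  puts "query-string origin -> ACS match: #{acs_url_matches?(CONFIGURED_ACS_URL, broken)}"
  puts "body origin         -> ACS match: #{acs_url_matches?(CONFIGURED_ACS_URL, clean)}"
  session = request_phase({}, params: { 'origin' => '/dashboard' })
  puts "origin seen at callback: #{callback_phase(session)['omniauth.origin']}"
  puts saml_login_form(REQUEST_PATH, '/dashboard', 'constructed-token')
end
```

The CSRF token field is what lets the POST pass a Rails authenticity check; the `origin` field is the only change needed on the app side, since the session hand-off between request and callback phases is unchanged whether the parameter arrived in the URL or in the body.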