Investigate SAML MR approvals with lack of ACS URL configuration

When configuring Geo, we instruct customers not to configure a SAML Assertion Consumer Service (ACS) URL. This seems to result in the correct default ACS URL being derived internally, either by GitLab or by the OmniAuth library. Finding out where and how that default is generated could be part of this investigation.

However, the real issue to investigate is why the absence of an explicit ACS URL in the configuration results in SAML merge request approval not working. The customer reports that after SAML reauthentication they are redirected back to the project page rather than to the merge request. The MR is also not approved.

@mkozono and I had a short sync call where we tried to understand the issue a bit more. We're confused as to how the user lands back on the project page, rather than either the root or the MR. It also doesn't immediately make sense why the actual SAML reauthentication works, and seems to use the correct callback. It seems the lack of explicit ACS URL configuration somehow results in the final redirect not being honored.

group::authentication should investigate why the lack of an explicit ACS URL in the SAML configuration causes SAML MR approval not to work. We can also work with @sam.figueroa on any knowledge needed to understand the SAML MR approval flow.