How is mail_password_url set on request? (SSO iframe)

Using multiple plone sites that authenticate against a plone instance in an SSO set up where the plone instances load the login page via iframe.

Products/CMFPlone/skins/plone_login/login_form.cpt defines mail_password_url via a tal statement from the request:

mail_password_url request/mail_password_url|nothing

Out of the four sites bound to this SSO setup, 3 return the FQHN such as:

Where as one the request/mail_password_host is set to:


Grepping though CMFPlone and the rest of my packages, I can't locate where this mail_password_url attribute is set on the request. It does not appear to be a configuration that I can locate in the zmi.

CMFPlone is expecting it, but how/where is it set on the request?