diff --git a/object/oidc_discovery.go b/object/oidc_discovery.go index 456cc47e..1b9ea058 100644 --- a/object/oidc_discovery.go +++ b/object/oidc_discovery.go @@ -43,6 +43,11 @@ type OidcDiscovery struct { } func getOriginFromHost(host string) (string, string) { + origin := conf.GetConfigString("origin") + if origin != "" { + return origin, origin + } + protocol := "https://" if strings.HasPrefix(host, "localhost") { protocol = "http://" @@ -58,12 +63,6 @@ func getOriginFromHost(host string) (string, string) { func GetOidcDiscovery(host string) OidcDiscovery { originFrontend, originBackend := getOriginFromHost(host) - origin := conf.GetConfigString("origin") - if origin != "" { - originFrontend = origin - originBackend = origin - } - // Examples: // https://login.okta.com/.well-known/openid-configuration // https://auth0.auth0.com/.well-known/openid-configuration diff --git a/object/saml_idp.go b/object/saml_idp.go index 4bcae664..1983daf4 100644 --- a/object/saml_idp.go +++ b/object/saml_idp.go @@ -29,7 +29,6 @@ import ( "github.com/RobotsAndPencils/go-saml" "github.com/beevik/etree" - "github.com/casdoor/casdoor/conf" "github.com/golang-jwt/jwt/v4" dsig "github.com/russellhaering/goxmldsig" uuid "github.com/satori/go.uuid" @@ -176,16 +175,12 @@ type Attribute struct { } func GetSamlMeta(application *Application, host string) (*IdpEntityDescriptor, error) { - //_, originBackend := getOriginFromHost(host) cert := getCertByApplication(application) block, _ := pem.Decode([]byte(cert.Certificate)) certificate := base64.StdEncoding.EncodeToString(block.Bytes) - origin := conf.GetConfigString("origin") originFrontend, originBackend := getOriginFromHost(host) - if origin != "" { - originBackend = origin - } + d := IdpEntityDescriptor{ XMLName: xml.Name{ Local: "md:EntityDescriptor", diff --git a/object/saml_sp.go b/object/saml_sp.go index 334682bf..de34a8f8 100644 --- a/object/saml_sp.go +++ b/object/saml_sp.go 
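Review bot: getOriginFromHost can now return a value that never came from `host`, but it has no doc comment saying that the `origin` setting wins, and the configured string is returned verbatim. The callers touched in this commit (GetOidcDiscovery, GetSamlMeta, generateJwtToken, GetUserInfo, GetWebAuthnObject) all take their origin from this result, so I would add above the function: `// getOriginFromHost returns the frontend and backend origins; a non-empty "origin" config value overrides both, otherwise they are derived from host.` If `host` is taken from the request's Host header, as the parameter name suggests, the fallback path lets a client-chosen value reach those callers, which is worth stating in the comment as a reason to set `origin` in production. A trailing slash or missing scheme in the setting would also pass through unchanged, so validating it once at load time would help. The function body continues past the end of the hunk.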
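Review bot: With the override moved into getOriginFromHost, `originFrontend` in GetSamlMeta now also takes the configured `origin`, whereas the removed lines replaced only `originBackend`. If the metadata built below the hunk uses `originFrontend` for a URL that is meant to stay on the requesting host, that is a behaviour change worth confirming and mentioning in the commit message. Separately, `block, _ := pem.Decode(...)` is followed by `block.Bytes` without a nil check, so a certificate that is not valid PEM panics here. Since the function already returns an error, `if block == nil { return nil, errors.New("invalid certificate PEM") }` would be safer (assuming `errors` is imported in this file). The struct literal continues outside the hunk.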
@@ -70,10 +70,12 @@ func GenerateSamlLoginUrl(id, relayState string) (string, string, error) { } func buildSp(provider *Provider, samlResponse string) (*saml2.SAMLServiceProvider, error) { + origin := conf.GetConfigString("origin") + certStore := dsig.MemoryX509CertificateStore{ Roots: []*x509.Certificate{}, } - origin := conf.GetConfigString("origin") + certEncodedData := "" if samlResponse != "" { certEncodedData = parseSamlResponse(samlResponse, provider.Type) diff --git a/object/token_jwt.go b/object/token_jwt.go index 5e7ca967..07a13003 100644 --- a/object/token_jwt.go +++ b/object/token_jwt.go @@ -18,7 +18,6 @@ import ( "fmt" "time" - "github.com/casdoor/casdoor/conf" "github.com/casdoor/casdoor/util" "github.com/golang-jwt/jwt/v4" ) @@ -67,11 +66,7 @@ func generateJwtToken(application *Application, user *User, nonce string, scope refreshExpireTime := nowTime.Add(time.Duration(application.RefreshExpireInHours) * time.Hour) user.Password = "" - origin := conf.GetConfigString("origin") _, originBackend := getOriginFromHost(host) - if origin != "" { - originBackend = origin - } name := util.GenerateId() jti := fmt.Sprintf("%s/%s", application.Owner, name) diff --git a/object/user.go b/object/user.go index b271e13b..79b8316e 100644 --- a/object/user.go +++ b/object/user.go @@ -18,7 +18,6 @@ import ( "fmt" "strings" - "github.com/casdoor/casdoor/conf" "github.com/casdoor/casdoor/util" "github.com/duo-labs/webauthn/webauthn" "xorm.io/core" @@ -527,11 +526,8 @@ func GetUserInfo(userId string, scope string, aud string, host string) (*Userinf if user == nil { return nil, fmt.Errorf("the user: %s doesn't exist", userId) } - origin := conf.GetConfigString("origin") + _, originBackend := getOriginFromHost(host) - if origin != "" { - originBackend = origin - } resp := Userinfo{ Sub: user.Id, diff --git a/object/user_webauthn.go b/object/user_webauthn.go index 8f3a4f97..45125f4d 100644 --- a/object/user_webauthn.go +++ b/object/user_webauthn.go 
@@ -27,12 +27,9 @@ import ( func GetWebAuthnObject(host string) *webauthn.WebAuthn { var err error - origin := conf.GetConfigString("origin") - if origin == "" { - _, origin = getOriginFromHost(host) - } + _, originBackend := getOriginFromHost(host) - localUrl, err := url.Parse(origin) + localUrl, err := url.Parse(originBackend) if err != nil { panic("error when parsing origin:" + err.Error()) } @@ -40,7 +37,7 @@ func GetWebAuthnObject(host string) *webauthn.WebAuthn { webAuthn, err := webauthn.New(&webauthn.Config{ RPDisplayName: conf.GetConfigString("appname"), // Display Name for your site RPID: strings.Split(localUrl.Host, ":")[0], // Generally the domain name for your site, it's ok because splits cannot return empty array - RPOrigin: origin, // The origin URL for WebAuthn requests + RPOrigin: originBackend, // The origin URL for WebAuthn requests // RPIcon: "https://duo.com/logo.png", // Optional icon URL for your site }) if err != nil {
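Review bot: `RPID: strings.Split(localUrl.Host, ":")[0]` mis-parses a bracketed IPv6 host such as `[::1]:8000`, yielding `[` as the relying-party ID; the inline comment only argues that the index cannot panic. `localUrl.Hostname()` strips the port and the brackets correctly, so I would write `RPID: localUrl.Hostname(),`. Now that `originBackend` may come straight from the `origin` setting, note also that a value without a scheme, such as `example.com`, parses without error but leaves `localUrl.Host` empty, so the RPID would be empty rather than the intended domain. The function starts above this hunk and continues below it.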