The Auth Validation page /wp-login.php?saml_validate_config when not authenticated leaks information about the plugin configuration because the initial page content is sent before the 401 HEADER is marked.
Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/wp-content/plugins/onelogin-saml-sso/php/validate.php:17) in /var/www/html/wp-content/plugins/onelogin-saml-sso/php/validate.php on line 20 Access Forbidden!
The Auth Validation page /wp-login.php?saml_validate_config when not authenticated leaks information about the plugin configuration because the initial page content is sent before the 401 HEADER is marked.
https://github.com/onelogin/wordpress-saml/blob/master/onelogin-saml-sso/php/validate.php
Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/wp-content/plugins/onelogin-saml-sso/php/validate.php:17) in /var/www/html/wp-content/plugins/onelogin-saml-sso/php/validate.php on line 20 Access Forbidden!