As the SSO plugin should be the autoritative login solution running on a site, it should enforce redirection in case it's needed.
This commit replaced return false; with exit; in saml_lostpassword and saml_user_register functions. That way, we make sure the redirection happens early and would be the very last action of the HTTP request in WordPress.
As the SSO plugin should be the autoritative login solution running on a site, it should enforce redirection in case it's needed.
This commit replaced
return false;
withexit;
insaml_lostpassword
andsaml_user_register
functions. That way, we make sure the redirection happens early and would be the very last action of the HTTP request in WordPress.See https://developer.wordpress.org/reference/functions/wp_redirect/