| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-05-20 10:03:01 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-05-20 10:03:01 +0200 | 
| commit | f315d259b05c0a33461cc79108a726d93bcc2b3a (patch) | |
| tree | 4232a77b4371bc5d6f7e72e857dc762a5d944cc8 /id | |
| parent | cdc61266b24c65b1f086d6246caa08457b2371bb (diff) | |
fix problem with some SAML1 clients to request the SAML1 GetAuthenticationData SOAP service
Diffstat (limited to 'id')
2 files changed, 22 insertions, 9 deletions
|
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index 87804ea6c..9fdec9fbb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -53,7 +53,8 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
 		//only for SAML1 GetAuthenticationData webService functionality
 		String requestedServlet = request.getServletPath();		
-		if (MiscUtil.isNotEmpty(requestedServlet) && requestedServlet.startsWith("/services/GetAuthenticationData")) {
+		if (MiscUtil.isNotEmpty(requestedServlet) && 
+				requestedServlet.startsWith("/services")) {
 			Logger.debug("SAML1 GetAuthenticationServices allow access without SSL");
 			return true;
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index f00358d02..893799b5d 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -66,6 +66,7 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
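Review bot: `requestedServlet.startsWith("/services")` in WebFrontEndSecurityInterceptor exempts every servlet path that begins with that string from this interceptor's check, not only the SOAP endpoint; going by the log text these requests are let through without SSL, so any other handler whose path happens to start with `/services` inherits the exemption. The controller change in the same commit adds only the exact path `/services`, so the condition can stay equally narrow: `if (MiscUtil.isNotEmpty(requestedServlet) && ("/services".equals(requestedServlet) || requestedServlet.startsWith("/services/GetAuthenticationData"))) {`. The comment above the condition still says the exemption is only for GetAuthenticationData and should name both paths. The enclosing method begins and ends outside the hunk.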
@@ -124,7 +125,8 @@ public class GetAuthenticationDataService extends AbstractController implements
 	private static final String CONTEXT_SOAP_STATUSCODE = "statusCode";
 	private static final String CONTEXT_SOAP_ASSERTION = "assertion";
-	@RequestMapping(value = "/services/GetAuthenticationData", method = {RequestMethod.POST})
+	@RequestMapping(value = {"/services/GetAuthenticationData", "/services"}, 
+			        method = {RequestMethod.POST})
 	public void getAuthenticationData(HttpServletRequest req, HttpServletResponse resp)
 		    throws IOException {
 		InputStream is = null;
@@ -225,13 +227,23 @@ public class GetAuthenticationDataService extends AbstractController implements
 			}	
 		} 
-		//get first child from body --> should be the SAML1 Request element 
-		Element saml1Req;
-		if (saml1ReqList.item(0).getFirstChild() instanceof Element)
-			saml1Req = (Element) saml1ReqList.item(0).getFirstChild();
-			
-		else {
-			throw new SAXException("First child of 'soap-env:Body' element has a wrong type.");
+		//get the first child from body which is of type Element (SAML1 Request element) 
+		Element saml1Req = null;
+		
+		Node reqObj = saml1ReqList.item(0).getFirstChild();
+		while (reqObj != null) {
+			if (reqObj instanceof Element) {
+				saml1Req = (Element) reqObj;
+				break;
+				
+			} else {
+				reqObj = reqObj.getNextSibling();
+				
+			}			
+		}
+		
+		if (saml1Req == null) {
+			throw new SAXException("Every child of 'soap-env:Body' element has a wrong type.");
 		}
|
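Review bot: The new loop in getAuthenticationData takes the first Element child of the SOAP body and silently ignores any further element siblings, so a body carrying more than one request element is processed as if only the first existed. For a protocol endpoint it is safer to reject that input: after the loop, walk the remaining siblings of `saml1Req` and throw the same SAXException if another Element is found. The message `Every child of 'soap-env:Body' element has a wrong type.` is also raised when the body has no children at all; `'soap-env:Body' contains no element child.` would cover both cases. Whether `saml1ReqList.item(0)` can be null at this point depends on checks above the hunk, which are not visible here.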
