Merge tag 'MOA-ID-3.4.2'

1 files changed, 4 insertions, 1 deletions

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 1788facf0..274a23674 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -57,11 +57,14 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
 						
 			//validate SAML token
+			//TODO: maybe add whitelist
 			IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken, 
 					request.getRemoteHost(), 
 					Constants.CONFIG_PROPS_SKEWTIME_BEFORE, 
 					Constants.CONFIG_PROPS_SKEWTIME_AFTER,
-					pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+					pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA,
+					null,
+					false);
 												
 			if (samlResp.isEncrypted()) {
 				Logger.info("Received encrypted eIDAS SAML-Response.");