1 files changed, 5 insertions, 2 deletions

diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 89748da3f..d0f11c3bf 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -58,7 +58,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
    * <ul>
    * <li>Status: <code>302</code></li>
    * <li>Header <code>"Location"</code>: URL of the online application requested, with
-   * 						parameters <code>"Target"</code> and <code>"SAMLArtifact"</code> added</li>
+   * 						parameters <code>"Target"</code>(only if the online application is
+   *            a public service) and <code>"SAMLArtifact"</code> added</li>
    * <li>Error status: <code>500</code>
    * </ul>
    * @see AuthenticationServer#verifyAuthenticationBlock
@@ -80,7 +81,9 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
 			String samlArtifactBase64 = 
 				AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
 			String redirectURL = session.getOAURLRequested();
-			redirectURL = addURLParameter(redirectURL, PARAM_TARGET, session.getTarget());
+      if (!session.getBusinessService()) {
+        redirectURL = addURLParameter(redirectURL, PARAM_TARGET, session.getTarget());
+      }
 			redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
 			redirectURL = resp.encodeRedirectURL(redirectURL);
 			resp.setContentType("text/html");