From f315d259b05c0a33461cc79108a726d93bcc2b3a Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 20 May 2016 10:03:01 +0200
Subject: fix problem with some SAML1 clients to request the SAML1
 GetAuthenticationData SOAP service

---
 .../id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java    | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'id/server/idserverlib/src/main/java')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index 87804ea6c..9fdec9fbb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -53,7 +53,8 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
 				
 		//only for SAML1 GetAuthenticationData webService functionality
 		String requestedServlet = request.getServletPath();		
-		if (MiscUtil.isNotEmpty(requestedServlet) && requestedServlet.startsWith("/services/GetAuthenticationData")) {
+		if (MiscUtil.isNotEmpty(requestedServlet) && 
+				requestedServlet.startsWith("/services")) {
 			Logger.debug("SAML1 GetAuthenticationServices allow access without SSL");
 			return true;
 			
-- 
cgit v1.2.3