Grant access to Middleware using Apache's <Location> when <Location /> is secured using Kerberos SSO

Hi everyone,

I can’t find a way to unlock a middleware within one of my extensions for an an external (other domain) javascript ajax-call ( $.ajax({ type:“GET”,url:‘https://intranet.stadtverwaltung.loc/Personal/Personal_NeueMitarbeiterVorstellung_Kommentarabfrage?Anfangsdatum=’ + jetzt.getTime() / 1000, success: kommentarinfoAnpassen })):

The site is secured by:

<LocationMatch “/”>
Options FollowSymLinks
AllowOverride All
AuthType Kerberos
AuthName “Intranet of X.COM
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbAuthRealms X.COM
KrbServiceName Any
Require valid-user
Krb5Keytab /etc/apache2/intranetkeytab
Header set Access-Control-Allow-Origin “*”

and I’m trying to unlock the middleware (XYZ?Parameter=Whatever) by:
<LocationMatch “/XYZ.*”>
AuthType None
Require all granted

If I replace “/XYZ." by “/” the original rule gets overwritten so that the script can access the middleware but then SSO is disabled for the entire Site, of course. When keeping the "/XYZ.” the SSO works on the entire Site but also on the middleware so that the ajax-call gets rejected with 401.

Does anyone know how I can get both to work?