Hello.
The documentation for the Keycloak Spring Security adapter (
https://www.keycloak.org/docs/6.0/securing_apps/index.html#_spring_securi...
) has a paragraph:
"You must provide a session authentication strategy bean which should be of
type RegisterSessionAuthenticationStrategy for public or confidential
applications and NullAuthenticatedSessionStrategy for bearer-only
applications."
I wonder why it is a requirement for public applications?
It looks like KeycloakAuthenticationProcessingFilter is not using the
session registry itself (it just sets up sessionAuthenticationStrategy into
HttpSecurity and KeycloakAuthenticationProcessingFilter) but my question
is: why is it 'must have' for public/confidential applications?
(this feature may be useful when concurrent sessions filter is enabled but
what if it's not in use?)
Thanks for clarifying!
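For reference, this is what the two choices from the quoted paragraph look like side by side in a Spring Security configuration. It is an added illustration, not code from the Keycloak docs or the adapter project: the class name, the URL patterns and the decision to cap concurrent sessions at one are assumptions. It uses the adapter's KeycloakWebSecurityConfigurerAdapter (which requires the sessionAuthenticationStrategy() override) and only standard Spring Security classes.

```java
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

// Hypothetical configuration class for a public/confidential (browser login) application.
@KeycloakConfiguration
public class ExampleSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    // Set to true for a bearer-only application (API that only validates tokens);
    // assumed switch for illustration, not an adapter setting.
    private static final boolean BEARER_ONLY = false;

    // One shared registry so the session-management filter and the
    // authentication strategy see the same set of registered sessions.
    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) {
        KeycloakAuthenticationProvider provider = keycloakAuthenticationProvider();
        // Map Keycloak roles to ROLE_* authorities without the prefix being required in the realm.
        provider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        auth.authenticationProvider(provider);
    }

    // The abstract method the quoted paragraph is about: public/confidential apps
    // register each authenticated HTTP session, bearer-only apps register nothing
    // because they never create a session for the caller.
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        if (BEARER_ONLY) {
            return new NullAuthenticatedSessionStrategy();
        }
        return new RegisterSessionAuthenticationStrategy(sessionRegistry());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http); // installs the Keycloak filters and logout handling
        http.authorizeRequests()
                .antMatchers("/app/**").authenticated() // assumed URL pattern
                .anyRequest().permitAll();
        if (!BEARER_ONLY) {
            // The registry only has a visible effect once session management uses it;
            // here it limits each user to a single concurrent session.
            http.sessionManagement()
                    .maximumSessions(1)
                    .sessionRegistry(sessionRegistry());
        }
    }
}
```

Without the sessionManagement() block the registry is still populated by RegisterSessionAuthenticationStrategy but nothing reads it, which is the situation the question describes; with it, stale or duplicate browser sessions can be expired, which is the practical reason to keep a real registry for login-capable applications and a no-op strategy for token-only ones.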