Hi, I'm trying to help a community member that is having issues to provide a rest endpoint that do not need authentication but other endpoints are protected and make use of a policy enforcer. Looks like it is not possible to have both , is that correct ? The authz seems to intercept all the request (as mentioned in the documentation) and even by setting the enforcement to "permissive" it fails for this unprotected endpoint. For reference : https://issues.jboss.org/browse/KEYCLOAK-3799 (There are other issues in this ticket like configuring authz for SpringBoot but this is another problem to have to be solved separately) Sebi