diff --git a/pass-core-main/src/main/java/org/eclipse/pass/main/security/SecurityConfiguration.java b/pass-core-main/src/main/java/org/eclipse/pass/main/security/SecurityConfiguration.java
index 24894b0c..2c6aaf18 100644
--- a/pass-core-main/src/main/java/org/eclipse/pass/main/security/SecurityConfiguration.java
+++ b/pass-core-main/src/main/java/org/eclipse/pass/main/security/SecurityConfiguration.java
@@ -22,7 +22,9 @@
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer;
 import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
+import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
 import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter;
@@ -58,7 +60,10 @@ public class SecurityConfiguration {
      */
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        // Disable unused functionality
         http.csrf(CsrfConfigurer::disable);
+        http.formLogin(FormLoginConfigurer::disable);
+        http.anonymous(AnonymousConfigurer::disable);
         // Set Content Security Policy header only for /app/
         ContentSecurityPolicyHeaderWriter cspHeaderWriter = new ContentSecurityPolicyHeaderWriter();
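Review bot: `http.anonymous(AnonymousConfigurer::disable)` in the second hunk is not a harmless cleanup: without the anonymous filter an unauthenticated request carries a null `Authentication` instead of an `AnonymousAuthenticationToken`, so any `permitAll()` path, `anonymous()` matcher, or downstream code that reads `SecurityContextHolder.getContext().getAuthentication()` must now tolerate null, and `ExceptionTranslationFilter` decides between "start authentication" and 403 differently. The authorization rules and the SAML2 setup of `filterChain` continue outside this hunk, so I cannot confirm those paths were checked; please do before merging. The added `// Disable unused functionality` comment also now sits over the pre-existing `http.csrf(CsrfConfigurer::disable)`, which reads as though CSRF protection were an unused feature — if SAML2 web SSO (which depends on the servlet session) is a login path here, that line needs its own stated justification, e.g. `// CSRF disabled: state-changing calls are authenticated by a non-cookie credential; revisit if cookie-authenticated browser POSTs are added`. Finally, as far as I can tell `HttpSecurity` obtained via the lambda DSL does not enable form login unless configured, so `formLogin(...disable)` may be a no-op while `httpBasic` is the more likely default worth reviewing — worth verifying rather than disabling speculatively.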