diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/SpringSecurityConfig.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/SpringSecurityConfig.java
index 8a3b6c292..c5933f880 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/SpringSecurityConfig.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/SpringSecurityConfig.java
@@ -157,7 +157,12 @@ public InMemoryUserDetailsManager userDetailsManager() {
 @Bean
 @Profile("!no-auth")
 public WebSecurityCustomizer webSecurityCustomizer() {
- return (web) -> web.httpFirewall(allowUrlEncodedSlashHttpFirewall());
+ return (web) -> web.ignoring().requestMatchers(new AntPathRequestMatcher("/unsecured/**/*"),
+ new AntPathRequestMatcher("/entities/**/*"),
+ new AntPathRequestMatcher("/favicon.ico"),
+ new AntPathRequestMatcher("/assets/**/*.png"),
+ new AntPathRequestMatcher("/static/**/*"),
+ new AntPathRequestMatcher("/**/*.css")).and().httpFirewall(allowUrlEncodedSlashHttpFirewall());
 }
 private HttpFirewall allowUrlEncodedSlashHttpFirewall() {
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jSpringSecurityConfig.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jSpringSecurityConfig.java
index 4f60c9925..6810b5ee9 100644
--- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jSpringSecurityConfig.java
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jSpringSecurityConfig.java
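Review bot: The `web.ignoring()` list added to `webSecurityCustomizer()` removes these paths from the Spring Security filter chain entirely, so they get no authentication, no CSRF handling and no security response headers, and two of the patterns are wider than static assets: `/entities/**/*` and the extension-only `/**/*.css`. The latter matches any path ending in `.css` rather than a directory, which deserves extra care because this customizer also installs a firewall that, judging by its name, is relaxed for URL-encoded slashes. Consider scoping the stylesheet pattern to the directory that actually serves it and, for anything that is not a plain static file, using a `permitAll()` rule in the `HttpSecurity` chain so the headers still apply; at minimum add `// Ignored paths bypass the whole security filter chain; keep this list to static assets.` above the return. The same list is repeated verbatim in the Pac4jSpringSecurityConfig hunk, where the firewall additionally has `setAllowSemicolon(true)`, so the point applies there as well and a shared constant would keep the two lists from drifting apart.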
@@ -125,6 +125,11 @@ public WebSecurityCustomizer webSecurityCustomizer() {
 firewall.setAllowUrlEncodedDoubleSlash(true);
 firewall.setAllowSemicolon(true);
- return (web) -> web.httpFirewall(firewall);
+ return (web) -> web.ignoring().requestMatchers(new AntPathRequestMatcher("/unsecured/**/*"),
+ new AntPathRequestMatcher("/entities/**/*"),
+ new AntPathRequestMatcher("/favicon.ico"),
+ new AntPathRequestMatcher("/assets/**/*.png"),
+ new AntPathRequestMatcher("/static/**/*"),
+ new AntPathRequestMatcher("/**/*.css")).and().httpFirewall(firewall);
 }
 }
\ No newline at end of file
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/authenticator/ShibuiSAML2Authenticator.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/authenticator/ShibuiSAML2Authenticator.java
index 4219112be..c0ef2073b 100644
--- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/authenticator/ShibuiSAML2Authenticator.java
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/authenticator/ShibuiSAML2Authenticator.java
@@ -27,6 +27,9 @@ public Optional validate(CallContext ctx, Credentials credentials)
 Optional validatedCreds = super.validate(ctx, credentials);
 validatedCreds.ifPresent(creds -> {
 CommonProfile profile = (CommonProfile) creds.getUserProfile();
+ if (profile == null) {
+ return;
+ }
 profile.setRoles(userService.getUserRoles(profile.getUsername()));
 creds.setUserProfile(profile);
 userService.updateLoginRecord(profile.getUsername());
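Review bot: The new `if (profile == null) { return; }` inside the `ifPresent` lambda of `validate()` only skips role assignment and the login record; `validatedCreds` stays populated, so credentials without a user profile are presumably still handed back to the caller (the method continues outside the hunk). If a missing profile is an expected case here, say so in a comment such as `// No user profile on these credentials (name the flow); nothing to enrich.`; if it is not expected, failing closed is the safer default, for instance by chaining `.filter(c -> c.getUserProfile() != null)` onto `super.validate(ctx, credentials)`. Either way a log statement in this branch would make the case visible, since a validation that assigns no roles and writes no login record is otherwise silent.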