diff --git a/gate-web/gate-web.gradle b/gate-web/gate-web.gradle
index 6854c0767..0acee493c 100644
--- a/gate-web/gate-web.gradle
+++ b/gate-web/gate-web.gradle
@@ -29,7 +29,7 @@ dependencies {
 compile spinnaker.dependency("korkWeb")
 compile spinnaker.dependency("frigga")
 compile spinnaker.dependency('cglib')
- compile "com.netflix.spinnaker.fiat:fiat-api:0.24.0"
+ compile "com.netflix.spinnaker.fiat:fiat-api:0.25.0"
 compile('com.github.kstyrc:embedded-redis:0.6')
 compile('org.springframework.session:spring-session-data-redis:1.1.1.RELEASE')
diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/AuthConfig.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/AuthConfig.groovy
index 1f1c7a0ab..a73e4715a 100644
--- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/AuthConfig.groovy
+++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/AuthConfig.groovy
@@ -36,6 +36,7 @@ import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.SecurityBuilder
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.core.Authentication
+import org.springframework.security.web.authentication.AnonymousAuthenticationFilter
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler
 import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler
 import org.springframework.security.web.session.ConcurrentSessionFilter
@@ -88,7 +89,7 @@ class AuthConfig {
 .antMatchers('/health').permitAll()
 .antMatchers('/**').authenticated()
 .and()
- .addFilterAfter(new FiatSessionFilter(configProps, permissionEvaluator), ConcurrentSessionFilter.class)
+ .addFilterBefore(new FiatSessionFilter(configProps, permissionEvaluator), AnonymousAuthenticationFilter.class)
 .logout()
 .logoutUrl("/auth/logout")
 .logoutSuccessHandler(permissionRevokingLogoutSuccessHandler)
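Review bot: The position chosen for `FiatSessionFilter` on the `.addFilterBefore(...)` line in AuthConfig.groovy is load-bearing for authorization, but nothing in the chain records why. In Spring Security's default ordering `ConcurrentSessionFilter` runs before the security context is restored from the session, while `AnonymousAuthenticationFilter` runs after the authentication filters, so the move presumably lets the filter see the logged-in user. A comment such as `// Keep before AnonymousAuthenticationFilter: needs the restored Authentication, not an anonymous token` would keep a later reorder from silently undoing it. At this position the context can still hold no Authentication, for example on the `permitAll` `/health` route or before login, so `FiatSessionFilter` (not shown here) should be checked for handling that case. The enclosing configuration method starts and ends outside the hunk.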