Some applications make a server to server call that may not work if the resource is protected and results in a challenge response to the call. For this reason it would be beneficial to allow requests for http://localhost and/or http://127.0.0.1 to remain unprotected without affecting the currently protected resources.
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP
The best way to address this use case is with the IgnoreHost ACO parameter. Two additional ACO parameters are also needed to prevent the agent from transforming the incoming host name to a FQDN: ForceFQHost=no and DisableDNSLookup=yes
This also could be accomplished by defining agent names (using the AgentName ACO parameter) to the hosts you want to ignore and not assigning those agent names to any realms, however, this method results in the IsProtected call being made for these requests whereas using IgnoreHost skips the IsProtected call and is thus slightly more efficient.