"org.picketlink.extensions.core.rest.interceptors.SecurityInterceptor" causes authentication to be required for all resources that are not included in picketlink-extension (for example SignInEndpoint).
In my application I've changed this class to remove this, and instead added an exception mapper to deal with the deltaspike exception.
See:
It would be good if picketlink-extensions did something similar so that users wouldn't have to deal with this.