diff --git a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtAuthenticationFilter.java b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtAuthenticationFilter.java
index ad0f74e6..66d4e231 100644
--- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtAuthenticationFilter.java
+++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtAuthenticationFilter.java
@@ -74,12 +74,6 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
             JwtValidationResult result = jwtService.validateAccessToken(token);
             String subject = result.subject();
 
-            // In OIDC mode, only accept agent tokens via internal validation.
-            // User tokens must go through the OIDC decoder path.
-            if (oidcDecoder != null && subject != null && subject.startsWith("user:")) {
-                return false;
-            }
-
             List<String> roles = result.roles();
             if (!subject.startsWith("user:") && roles.isEmpty()) {
                 roles = List.of("AGENT");
diff --git a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/UiAuthController.java b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/UiAuthController.java
index 8938e062..6049514b 100644
--- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/UiAuthController.java
+++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/UiAuthController.java
@@ -71,10 +71,6 @@ public class UiAuthController {
             content = @Content(schema = @Schema(implementation = ErrorResponse.class)))
     public ResponseEntity<AuthTokenResponse> login(@RequestBody LoginRequest request,
                                                        HttpServletRequest httpRequest) {
-        if (isOidcEnabled()) {
-            return ResponseEntity.status(HttpStatus.NOT_FOUND)
-                    .body(new AuthTokenResponse(null, null, "Local login disabled when OIDC is configured", null));
-        }
         String configuredUser = properties.getUiUser();
         String configuredPassword = properties.getUiPassword();
         String subject = "user:" + request.username();
@@ -153,11 +149,6 @@ public class UiAuthController {
         }
     }
 
-    private boolean isOidcEnabled() {
-        String issuer = properties.getOidcIssuerUri();
-        return issuer != null && !issuer.isBlank();
-    }
-
     public record LoginRequest(String username, String password) {}
     public record RefreshRequest(String refreshToken) {}
 }