AJAX calls have special http header values. PL IDP needs to ignore these requests and not subject them to authentication processes.
The request is to have a configuration switch that detects ajax calls. When such a call would arrive when there is not valid session, the server should not redirect but should send a standard 403.