diff --git a/apps/authentication/backends/cas/middleware.py b/apps/authentication/backends/cas/middleware.py
new file mode 100644
index 000000000..7866bf6e6
--- /dev/null
+++ b/apps/authentication/backends/cas/middleware.py
@@ -0,0 +1,10 @@
+from django_cas_ng.middleware import CASMiddleware as _CASMiddleware
+from django.core.exceptions import MiddlewareNotUsed
+from django.conf import settings
+
+
+class CASMiddleware(_CASMiddleware):
+    def __init__(self, **kwargs):
+        super().__init__(**kwargs)
+        if not settings.AUTH_CAS:
+            raise MiddlewareNotUsed
diff --git a/apps/authentication/backends/oidc/__init__.py b/apps/authentication/backends/oidc/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/apps/authentication/backends/oidc/middleware.py b/apps/authentication/backends/oidc/middleware.py
new file mode 100644
index 000000000..6555c6729
--- /dev/null
+++ b/apps/authentication/backends/oidc/middleware.py
@@ -0,0 +1,10 @@
+from jms_oidc_rp.middleware import OIDCRefreshIDTokenMiddleware as _OIDCRefreshIDTokenMiddleware
+from django.core.exceptions import MiddlewareNotUsed
+from django.conf import settings
+
+
+class OIDCRefreshIDTokenMiddleware(_OIDCRefreshIDTokenMiddleware):
+    def __init__(self, **kwargs):
+        super().__init__(**kwargs)
+        if not settings.AUTH_OPENID:
+            raise MiddlewareNotUsed
diff --git a/apps/jumpserver/middleware.py b/apps/jumpserver/middleware.py
index 8e4696a0f..ed0c1bae6 100644
--- a/apps/jumpserver/middleware.py
+++ b/apps/jumpserver/middleware.py
@@ -3,10 +3,10 @@
 import os
 import re
 import pytz
-from django.core.exceptions import MiddlewareNotUsed
 from django.utils import timezone
 from django.shortcuts import HttpResponse
 from django.conf import settings
+from django.core.exceptions import MiddlewareNotUsed
 from django.http.response import HttpResponseForbidden
 
 from .utils import set_current_request
@@ -45,6 +45,7 @@ class DemoMiddleware:
 
         if self.DEMO_MODE_ENABLED:
             print("Demo mode enabled, reject unsafe method and url")
+            raise MiddlewareNotUsed
 
     def __call__(self, request):
         if self.DEMO_MODE_ENABLED and request.method not in self.SAFE_METHOD \
diff --git a/apps/jumpserver/settings/base.py b/apps/jumpserver/settings/base.py
index c041d8c96..b0c617929 100644
--- a/apps/jumpserver/settings/base.py
+++ b/apps/jumpserver/settings/base.py
@@ -76,13 +76,13 @@ MIDDLEWARE = [
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
-    'jms_oidc_rp.middleware.OIDCRefreshIDTokenMiddleware',
-    'django_cas_ng.middleware.CASMiddleware',
     'jumpserver.middleware.TimezoneMiddleware',
     'jumpserver.middleware.DemoMiddleware',
     'jumpserver.middleware.RequestMiddleware',
     'jumpserver.middleware.RefererCheckMiddleware',
     'orgs.middleware.OrgMiddleware',
+    'authentication.backends.oidc.middleware.OIDCRefreshIDTokenMiddleware',
+    'authentication.backends.cas.middleware.CASMiddleware',
 ]