a suggestion for Apache HTTPD and mod_jk:

If you prefer "anonymous" as REMOTE_USER for Tomcat

    <Location unprotectedURL>
    RewriteEngine On
    RewriteRule .* - [E=JK_REMOTE_USER:anonymous]
    </Location>

https://tomcat.apache.org/connectors-doc/common_howto/proxy.html

To disable Shibboleth session requirement

    <Location unprotectedURL>
    ShibRequestSetting requireSession 0
    </Location>

https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335062/Apache#Enabling-the-Module-for-Authentication

The combination should give you a publicly accessible URL with a user set behind the scenes.