Anonymous user is not working in Opensearch 2.x.x

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Docker images:
opensearchproject/opensearch:2.0.0 to 2.5.0
opensearchproject/opensearch-dashboards:2.0.0 to 2.5.0

Describe the issue:
The anonymous user (opendistro_security_anonymous) is not working Opensearch and Opensearch-Dashboards 2.x.x versions but is working on 1.3.8 and below. The same configuration works properly in 1.3.8 but doesn’t work in 2.x.x.

Configuration:
config.yml

config:
  dynamic:
    http:
      anonymous_auth_enabled: true

opensearch_dashboards.yml

opensearch_security.auth.anonymous_auth_enabled: true

Relevant Logs or Screenshots:
Accessing the service always shows the same login page:
image

@drodr Take a look at these steps.

Thanks Pablo for your reply.

Finally problem was the path of the config files:

  • Versions 1.x: /usr/share/opensearch/plugins/opensearch-security/securityconfig/
  • Versions 2.x: /usr/share/opensearch/config/opensearch-security/.

In your proposed configuration, it is only needed if you want to give write permissions to the anonymous user.

Do you know how to add another tenant to anonymous user? Because when I switch to another tenant (different from Global) apparently it is switched but the objects are still belong to Global tenant. I tried with your proposed configuration but the result is the same.

In my example:

  • In Global tenant I added the [eCommerce] Revenue Dashboard example data.
  • In public tenant I added [Logs] Web Traffic example data.

As can be seen on the screenshot, the tenant says public but shows the Global tenant content
[eCommerce] Revenue Dashboard.

Thanks.

@drodr I’ve reproduced your issue. The reason why you see the same Dashboard in all tenants is that the anonymous user doesn’t create its own .kibana index and access the existing main .kibana (Global).

In my opinion, this is a bug. Please report it to OpenSeach Security Github and share the bug link here.