Anonymous User - Multiple Authentication

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):


Describe the issue:
I would like to have opensearch configured such as user can either login (via ldap) and do what ever they need to based on their roles or have an anonymous user with RO access.

i know that the 2 things can be done separetly (we use ldap today) and i’ve seen (but never understood how to configure) the anonymous user with

The reason for the anonymous use is iframe embedding of some dashboards…
with Elastic the configuration was straight forward but with opensearch i am struggling to understand how that would be done…

i hope that’s actually possible with the help if the multiple-authentication options feature just added

if anyone could help me, i would be extremelly grateful, below is a screenshot from elasticsearch

Relevant Logs or Screenshots:


Hi there,

Multiple Authentication Option feature for OpenSearch Dashboards can also enable anonymous login along with Basic authentication and OIDC. Configuration Steps:

  1. Follow the instructions to enable multiple authentication for basic and OIDC
  2. Enable Anonymous login:
  • opensearch_dashboards.yml

    opensearch_security.auth.anonymous_auth_enabled: true

  • config.yml

1 Like

Thanks for the feedback… OIDC ? if you mean openid, then with what am i supposed to connect it to? we have no connection to openid providers

we are using LDAP

Hi @anubisg1,

Authentication type: openid defined by OpenSearch Dashboards is based on OpenID Connect (OIDC) protocol. If I did not misunderstood, you configure LDAP as your authentication backend for basic authentication. If that is true, you do not need to enable multiple authentication. You can follow the steps in below:

  1. Follow the instructions to enable basic auth with LDAP as authentication backend
  2. Enable Anonymous login:
  • opensearch_dashboards.yml

    opensearch_security.auth.anonymous_auth_enabled: true
  • config.yml

         anonymous_auth_enabled: true



Thank you for your reply. i think that in config.yml you meant to say:


This is my configuration


opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch.ssl.verificationMode: none
opensearchDashboards.branding.applicationTitle: XXXXX
opensearchDashboards.branding.faviconUrl: 'XXXX'
opensearchDashboards.branding.logo.defaultUrl: 'XXX'
opensearchDashboards.branding.mark.darkModeUrl: 'XXX'
opensearchDashboards.branding.mark.defaultUrl: 'XXXX'
opensearch_security.auth.anonymous_auth_enabled: true
opensearch_security.multitenancy.enable_filter: false
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.enable_global: true
opensearch_security.multitenancy.tenants.enable_private: false
opensearch_security.multitenancy.tenants.preferred: ["Global"]
opensearch_security.ui.basicauth.login.brandimage: 'XXX'
opensearch_security.ui.basicauth.login.title: xxxx
server.maxPayloadBytes: 8388608 opensearch-cluster-dashboards


    do_not_fail_on_forbidden: true
      anonymous_auth_enabled: true
        http_enabled: true
        transport_enabled: true
        order: "4"
          type: basic
          challenge: true
          type: intern    

The problem i see is that if i land on the dashboard page i get automatically logged in as “opendistro_security_anonymous” and there is no button “log in as anonymous”.
to login with username and password i must first log out from anonymous, then enter my credentials


Hi @anubisg1,

That is the expected behavior for anonymous login for now. If you have any feedbacks on the existing authentication experience, please feel free to leave your feedbacks on:

  1. Feedback Forum
  2. OpenSearch Dashboards Repo

Looking forward to your feedback!

In your screenshot you have “login as anonymous”. How did you achieve that?

This is exactly what I am after