Basic authentication only for OpenSearch Dashboards

Hi Opensearch enjoyers,

Would be possible to configure authentication with login/password only for Dashboards GUI and not for Opensearch itself ?

We trying to avoid a lot of reconfiguring ( meaning add login, password and trusted cert) all apps which are sending logs, metrics and traces to our Opensearch cluster, but it seems like it’s not possible because internal users are under control of and/or security plugin which requires https and auth enabled on Opensearch. Is there some way how to do it ?

Our OpenSearch stack is behind corporate proxy and is not accessible from outside.
We are using OpenSearch and Dashboards both in version 2.1.0.

Thank you for all meaningful comments.

Hi @opensearchgenius

What exactly do you want to achieve? How do you want to connect external apps to the OpenSearch cluster?


Well, simply , we want to achieve that not all user or people in company can see all data/dashboards/logs in Opensearch.

All external apps are already connected to OpenSearch cluster on port 9200. We use different external apps such as: Otell collector + Data Prepepr, Logstash, Fluentbit and Fluentd because there are lot of things in our environment which need to store logs.

Thats why we want to avoid configure all of them to and avoid to set authentication to Opensearch on port 9200.

Hope I explain our problem

@opensearchgenius Have you tried anonymous authentication? If not, please use the below procedure to enable it.

  1. Set “anonymous_auth_enabled” to true in config.yml

  2. Add the below line to opensearch_dashboards.yml

opensearch_security.auth.anonymous_auth_enabled: true
  1. In roles.yml set the following role. (The permissions are just an example.)
  - "unlimited"
  - index_patterns:
    - "*"
    - "unlimited"
  - tenant_patterns:
    - "global_tenant"
    - "kibana_all_write"
  1. In roles_mapping.yml configure the mapping of the anonymous backend role
  - "opendistro_security_anonymous_backendrole"

Please remember to apply security plugin configuration changes with script.

You can also disable SSL on port 9200. To do so, add the following configuration to opensearch.yml file: false
1 Like

Hey @Eugene7

Yes, we already tried it, here is screenshot of error we got after i run

The error is caused by disabling SSL in HTTP 9200. Starting from version 2.0, the connects to OpenSearch through port 9200 (it was 9300 in versions 1.x). requires certificate authentication, which forces SSL on the API endpoint 9200.

1 Like