Opensearch-Dashboard directing to login page even though security is disabled

I am installed Opensearch and Opensearch-dashboards via docker image. I disabled the security in both opensearch.yml and opensearch-dashboard.yml. Still after restarting docker I am redirected to login page even though security is disabled.

opensearch_dashboards.yml

server.host: "0"
opensearch.hosts: ["http://localhost:9200"]
opensearch.ssl.verificationMode: none
#opensearch.username: "kibanaserver"
#opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ ]

#opensearch_security.multitenancy.enabled: true
#opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
#opensearch_security.readonly_mode.roles: ["kibana_read_only"]
# Use this setting if you are running opensearch-dashboards without https
opensearch_security.cookie.secure: false

opensearch.yml for both nodes

cluster.name: docker-cluster

# Bind to all interfaces because we don't know what IP address Docker will assign to us.
network.host: 0.0.0.0

# # minimum_master_nodes need to be explicitly set when bound on a public IP
# # set to 1 to allow single node clusters
# discovery.zen.minimum_master_nodes: 1

# Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again.
#discovery.type: single-node

plugins.security.disabled: true


######## Start OpenSearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production
plugins.security.ssl.transport.pemcert_filepath: esnode.pem
plugins.security.ssl.transport.pemkey_filepath: esnode-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.http.enabled: false
plugins.security.ssl.http.pemcert_filepath: esnode.pem
plugins.security.ssl.http.pemkey_filepath: esnode-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem
plugins.security.allow_unsafe_democertificates: true
plugins.security.allow_default_init_securityindex: true
plugins.security.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de

plugins.security.audit.type: internal_opensearch
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opendistro-asynchronous-search-response*"]
node.max_local_storage_nodes: 3
######## End OpenSearch Security Demo Configuration ########

1 Like

I too encountered this issue - in the end I had too dig through the source code of opensearch-dashboards-docker-entrypoint.sh within the docker image to find a sneaky environment variable $DISABLE_SECURITY_DASHBOARDS_PLUGIN. After setting this to true as part of the container start up environment variables I am no longer redirected to the login page on first access to the dashboards server.