Unauthenticated routes in security plugin

Hello everyone,

Any idea on how to configure OD security plugin’s unauthenticated routes? My goal is to add a reset password page. I added a new plugin and cofigure it like so:

uiExports: {
      hacks: [
      apps: [
          id: 'reset-password',
          title: 'Reset password',
          auth: false,
          hidden: true,
          main: 'plugins/login_plugin/reset-password'
      styleSheetPaths: [resolve(__dirname, 'public/index.scss'), resolve(__dirname, 'public/index.css')].find(p => existsSync(p))

But If not logged in, reset-password page can’t be accessed and it redirects back to login page.

I also tried in kibana.yml
opendistro_security.auth.unauthenticated_routes: ["/reset-password"]
but it still asks for username and password to access the page. Need some help, pls.
I’m using OP security plugin version 7.x.x with kibana 7.3.2.

Hallo mibra,

did you ever get opendistro_security.auth.unauthenticated_routes to work? I also try to exclude some urls from authentication if it seems as if opendistro_security.auth.unauthenticated_routes is just ignored.

Nevermind, I found my mistake: URL listed in opendistro_security.auth.unauthenticated_routes must start with ‘/’.