Failed to authenticate secondary user – How to solve this Elasticsearch exception

Opster Team

August-23, Version: 7.7-8.9

Briefly, this error occurs when Elasticsearch is unable to verify the credentials of a secondary user. This could be due to incorrect username or password, or the user might not have the necessary permissions. To resolve this issue, you can: 1) Check and confirm the user credentials; 2) Ensure the user has the necessary permissions; 3) If using a security plugin, ensure it’s correctly configured; 4) Check the Elasticsearch logs for more detailed error information.

This guide will help you check for common problems that cause the log ” Failed to authenticate secondary user ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.

Log Context

Log “Failed to authenticate secondary user” class name is We extracted the following from Elasticsearch source code for those seeking an in-depth context :

 final ActionListener authenticationListener = new ContextPreservingActionListener<>(
 ActionListener.wrap(authentication -> {
 if (authentication == null) {
 logger.debug("secondary authentication failed - authentication service returned a null authentication object");
 listener.onFailure(new ElasticsearchSecurityException("Failed to authenticate secondary user"));
 } else {
 logger.debug("secondary authentication succeeded [{}]"; authentication);
 listener.onResponse(new SecondaryAuthentication(securityContext; authentication));
 }; e -> {


How helpful was this guide?

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?