diff --git a/plugins/identity-shiro/src/main/java/org/opensearch/identity/shiro/ShiroIdentityPlugin.java b/plugins/identity-shiro/src/main/java/org/opensearch/identity/shiro/ShiroIdentityPlugin.java
index 77cab13880c27..e7c4a0bea2775 100644
--- a/plugins/identity-shiro/src/main/java/org/opensearch/identity/shiro/ShiroIdentityPlugin.java
+++ b/plugins/identity-shiro/src/main/java/org/opensearch/identity/shiro/ShiroIdentityPlugin.java
@@ -14,6 +14,7 @@
 import org.apache.shiro.mgt.SecurityManager;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.identity.Subject;
+import org.opensearch.identity.tokens.AuthToken;
 import org.opensearch.identity.tokens.TokenManager;
 import org.opensearch.plugins.IdentityPlugin;
 import org.opensearch.plugins.Plugin;
@@ -61,4 +62,12 @@ public Subject getSubject() {
     public TokenManager getTokenManager() {
         return this.authTokenHandler;
     }
+
+    /**
+     * passthrough for test module
+     * @param subject
+     * @param authToken
+     */
+    @Override
+    public void authenticate(Subject subject, AuthToken authToken) {}
 }
diff --git a/server/src/main/java/org/opensearch/identity/IdentityService.java b/server/src/main/java/org/opensearch/identity/IdentityService.java
index 3129c201b9a39..c82084caf7342 100644
--- a/server/src/main/java/org/opensearch/identity/IdentityService.java
+++ b/server/src/main/java/org/opensearch/identity/IdentityService.java
@@ -10,6 +10,7 @@
 import org.opensearch.OpenSearchException;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.identity.noop.NoopIdentityPlugin;
+import org.opensearch.identity.tokens.AuthToken;
 import org.opensearch.identity.tokens.TokenManager;
 import org.opensearch.plugins.IdentityPlugin;
 
@@ -57,4 +58,11 @@ public Subject getSubject() {
     public TokenManager getTokenManager() {
         return identityPlugin.getTokenManager();
     }
+
+    /**
+     * Attempts to authenticate the provided subject using the provided token
+     */
+    public void authenticate(Subject subject, AuthToken token) {
+        identityPlugin.authenticate(subject, token);
+    }
 }
diff --git a/server/src/main/java/org/opensearch/identity/noop/NoopIdentityPlugin.java b/server/src/main/java/org/opensearch/identity/noop/NoopIdentityPlugin.java
index 090b1f1d025e0..dcc5d5a77827f 100644
--- a/server/src/main/java/org/opensearch/identity/noop/NoopIdentityPlugin.java
+++ b/server/src/main/java/org/opensearch/identity/noop/NoopIdentityPlugin.java
@@ -9,6 +9,7 @@
 package org.opensearch.identity.noop;
 
 import org.opensearch.identity.Subject;
+import org.opensearch.identity.tokens.AuthToken;
 import org.opensearch.identity.tokens.TokenManager;
 import org.opensearch.plugins.IdentityPlugin;
 
@@ -38,4 +39,9 @@ public Subject getSubject() {
     public TokenManager getTokenManager() {
         return new NoopTokenManager();
     }
+
+    @Override
+    public void authenticate(Subject subject, AuthToken authToken) {
+        // Do nothing since noop
+    }
 }
diff --git a/server/src/main/java/org/opensearch/plugins/IdentityPlugin.java b/server/src/main/java/org/opensearch/plugins/IdentityPlugin.java
index 410535504f0dd..ca25b0c3c366c 100644
--- a/server/src/main/java/org/opensearch/plugins/IdentityPlugin.java
+++ b/server/src/main/java/org/opensearch/plugins/IdentityPlugin.java
@@ -9,6 +9,7 @@
 package org.opensearch.plugins;
 
 import org.opensearch.identity.Subject;
+import org.opensearch.identity.tokens.AuthToken;
 import org.opensearch.identity.tokens.TokenManager;
 
 /**
@@ -29,4 +30,9 @@ public interface IdentityPlugin {
      * @return Should never return null.
      */
     public TokenManager getTokenManager();
+
+    /**
+     * Attempt to authenticate the provided subject using the provided authToken
+     */
+    public void authenticate(Subject subject, AuthToken authToken);
 }
diff --git a/server/src/main/java/org/opensearch/rest/RestController.java b/server/src/main/java/org/opensearch/rest/RestController.java
index cc48b59699a17..d1d576693b160 100644
--- a/server/src/main/java/org/opensearch/rest/RestController.java
+++ b/server/src/main/java/org/opensearch/rest/RestController.java
@@ -535,7 +535,7 @@ private boolean handleAuthenticateUser(final RestRequest request, final RestChan
                 return true;
             }
             final Subject currentSubject = identityService.getSubject();
-            currentSubject.authenticate(token);
+            identityService.authenticate(currentSubject, token);
             logger.debug("Logged in as user " + currentSubject);
         } catch (final Exception e) {
             try {