Elasticsearch SIEM with Search Guard

@swi This does not appear to be possible, as xpack.security is disabled.

There is a similar case here

This is to do with the _security HTTP/REST handler missing, as xpack.security is disabled.

The best way to check supported features is to refer to the docs here. If it's not listed, it's either not compatible or works but has issues.