diff --git a/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java b/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
index c924d687702..d6fe49d3058 100644
--- a/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
+++ b/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
@@ -56,6 +56,9 @@ public class InternalAuthenticationService extends AbstractComponent implements
         AuthenticationToken token = token(request);
         if (token == null) {
             if (anonymouseUser != null) {
+                // we must put the user in the request context, so it'll be copied to the
+                // transport request - without it, the transport will assume system user
+                request.putInContext(USER_KEY, anonymouseUser);
                 return anonymouseUser;
             }
             auditTrail.anonymousAccessDenied(request);
@@ -65,6 +68,8 @@ public class InternalAuthenticationService extends AbstractComponent implements
         if (user == null) {
             throw new AuthenticationException("unable to authenticate user [" + token.principal() + "] for REST request [" + request.uri() + "]");
         }
+        // we must put the user in the request context, so it'll be copied to the
+        // transport request - without it, the transport will assume system user
         request.putInContext(USER_KEY, user);
         return user;
     }
diff --git a/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java b/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
index 5296dc84f41..8f0bf6d07f6 100644
--- a/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
+++ b/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
@@ -443,6 +443,8 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
         RestRequest request = new InternalRestRequest();
 
         User user = service.authenticate(request);
+        assertThat(request.getFromContext(InternalAuthenticationService.USER_KEY), notNullValue());
+        assertThat(request.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user));
         assertThat(user, notNullValue());
         assertThat(user.principal(), equalTo(username));
         assertThat(user.roles(), arrayContainingInAnyOrder("r1", "r2", "r3"));