diff --git a/x-pack/plugins/security/common/licensing/index.mock.ts b/x-pack/plugins/security/common/licensing/index.mock.ts
index 88cb3206a253..ed89ad5cc505 100644
--- a/x-pack/plugins/security/common/licensing/index.mock.ts
+++ b/x-pack/plugins/security/common/licensing/index.mock.ts
@@ -9,7 +9,7 @@ import { SecurityLicense, SecurityLicenseFeatures } from '.';
 
 export const licenseMock = {
   create: (features?: Partial<SecurityLicenseFeatures>): jest.Mocked<SecurityLicense> => ({
-    isLicenseAvailable: jest.fn(),
+    isLicenseAvailable: jest.fn().mockReturnValue(true),
     isEnabled: jest.fn().mockReturnValue(true),
     getType: jest.fn().mockReturnValue('basic'),
     getFeatures: jest.fn(),
diff --git a/x-pack/plugins/security/server/authentication/authentication_service.test.ts b/x-pack/plugins/security/server/authentication/authentication_service.test.ts
index 244cf1d0a8f5..59771c502701 100644
--- a/x-pack/plugins/security/server/authentication/authentication_service.test.ts
+++ b/x-pack/plugins/security/server/authentication/authentication_service.test.ts
@@ -121,6 +121,23 @@ describe('AuthenticationService', () => {
           .authenticate;
       });
 
+      it('returns error if license is not available.', async () => {
+        const mockResponse = httpServerMock.createLifecycleResponseFactory();
+
+        mockSetupAuthenticationParams.license.isLicenseAvailable.mockReturnValue(false);
+
+        await authHandler(httpServerMock.createKibanaRequest(), mockResponse, mockAuthToolkit);
+
+        expect(mockResponse.customError).toHaveBeenCalledTimes(1);
+        expect(mockResponse.customError).toHaveBeenCalledWith({
+          body: 'License is not available.',
+          statusCode: 503,
+          headers: { 'Retry-After': '30' },
+        });
+        expect(mockAuthToolkit.authenticated).not.toHaveBeenCalled();
+        expect(mockAuthToolkit.redirected).not.toHaveBeenCalled();
+      });
+
       it('replies with no credentials when security is disabled in elasticsearch', async () => {
         const mockRequest = httpServerMock.createKibanaRequest();
         const mockResponse = httpServerMock.createLifecycleResponseFactory();
diff --git a/x-pack/plugins/security/server/authentication/authentication_service.ts b/x-pack/plugins/security/server/authentication/authentication_service.ts
index 6cd20592f21a..e435ae43f3bf 100644
--- a/x-pack/plugins/security/server/authentication/authentication_service.ts
+++ b/x-pack/plugins/security/server/authentication/authentication_service.ts
@@ -106,8 +106,20 @@ export class AuthenticationService {
     });
 
     http.registerAuth(async (request, response, t) => {
-      // If security is disabled continue with no user credentials and delete the client cookie as well.
+      if (!license.isLicenseAvailable()) {
+        this.logger.error('License is not available, authentication is not possible.');
+        return response.customError({
+          body: 'License is not available.',
+          statusCode: 503,
+          headers: { 'Retry-After': '30' },
+        });
+      }
+
+      // If security is disabled, then continue with no user credentials.
       if (!license.isEnabled()) {
+        this.logger.debug(
+          'Current license does not support any security features, authentication is not needed.'
+        );
         return t.authenticated();
       }