You have configured your CloudBees Jenkins Operations Center (CJOC) with Client controller security as "SSO (security realm an authorization strategy)" and authentication mapping as "Trusted controller with equivalent security realm".
Anonymous role has given the following permissions:
Overall/Read Job/Read Job/Discover Job/Workspace View/Read
While authenticated access works fine, what you would like to achieve is that anonymous (non-authenticated) browsing is allowed. However, "curling" root URL of a controller gives the following:
Authentication required You are authenticated as: anonymous Groups that you are in: Permission you need to have (but didn't): hudson.model.Hudson.Read ... which is implied by: hudson.security.Permission.GenericRead
With the security settings you have any changes you made in the root context of a client controller will be void since it’s read only at that level.
The filter is most likely set on the client controller in CJOC. You can change the roles and filters for the client controller in CJOC by opening the context menu for the client controller in the list view and select Roles. From there you should be able to remove the filter on anonymous. If it isn’t there the filter might be set on one of the parent folders.