Description of problem: Web GUI authentication is being invoked many times on Safari with the following "OS X wants to make changes. Type an administrator's name and password to allow this. OS X wants to use the "System" keychain" Even when entering in an administrator username and password it keeps prompting for every single aspect of the site that needs loading. Version-Release number of selected component (if applicable): OpenShift v3 How reproducible: Only with Customer. Steps to Reproduce: 1.Install V3 2.Use unsigned CA certs 3.Browse to OpenShift V3 web console Actual results: Prompted over and over with: "OS X wants to make changes. Type an administrator's name and password to allow this. OS X wants to use the "System" keychain" Expected results: Only be prompted once Additional info:
Once you add the CA to the system trusted roots (see https://support.apple.com/kb/PH18677?locale=en_US), Safari should stop prompting. Unfortunately, I don't think the default dialog Safari shows walks you through this.
Can you confirm that adding the CA to the system CA's corrects the issue?
Requesting this bug to be open again. As adding to Keychain in System it still has the same issue entering credentials over and over again. This may be a docs thing where we need to document how to resolve this issue with Safari. Documentation on how to use your our cert for the webconsole. Currently Safari always prompt saying that the "website requires a client certificate"
There are two issues at play, both of which are Safari bugs: 1. Safari does not prompt you to accept the server's signing cert in a permanent way, so websocket requests can fail silently, and later visits to the site sometimes prompt to re-accept an insecure connection. Adding the server's CA to the keychain should resolve that issue. 2. Safari incorrectly prompts to select a client certificate, even when it has no applicable client certificates for the server. The only workaround I'm aware of for this is to remove all client certificates from Safari (including the automatically added one for iCloud/Apple ID)
Version of OS and Browser: OS X 10.10.5 Safari 8.0.8
*** This bug has been marked as a duplicate of bug 1493276 ***