Bug 1259029 - Web GUI authentication is being invoked many times on Safari
Web GUI authentication is being invoked many times on Safari
Status: CLOSED DUPLICATE of bug 1493276
Product: OpenShift Container Platform
Classification: Red Hat
Component: Auth (Show other bugs)
3.0.0
Unspecified Unspecified
unspecified Severity low
: ---
: ---
Assigned To: Jordan Liggitt
Xiaoli Tian
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-01 15:38 EDT by Ryan Howe
Modified: 2017-09-19 15:30 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-09-19 15:30:31 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ryan Howe 2015-09-01 15:38:12 EDT
Description of problem:
 Web GUI authentication is being invoked many times on Safari with the following

"OS X wants to make changes. Type an administrator's name and password to allow this.
OS X wants to use the "System" keychain"

Even when entering in an administrator username and password it keeps prompting  for every single aspect of the site that needs loading. 


Version-Release number of selected component (if applicable):
OpenShift v3 

How reproducible:
Only with Customer. 

Steps to Reproduce:
1.Install V3 
2.Use unsigned CA certs 
3.Browse to OpenShift V3 web console 

Actual results:
Prompted over and over with: 
"OS X wants to make changes. Type an administrator's name and password to allow this.
OS X wants to use the "System" keychain"

Expected results:
Only be prompted once

Additional info:
Comment 2 Jordan Liggitt 2015-09-02 12:39:18 EDT
Once you add the CA to the system trusted roots (see https://support.apple.com/kb/PH18677?locale=en_US), Safari should stop prompting.

Unfortunately, I don't think the default dialog Safari shows walks you through this.
Comment 3 Jordan Liggitt 2015-09-02 12:43:24 EDT
Can you confirm that adding the CA to the system CA's corrects the issue?
Comment 4 Ryan Howe 2015-10-02 16:48:26 EDT
Requesting this bug to be open again. 

As adding to Keychain in System it still has the same issue entering credentials over and over again.  

This may be a docs thing where we need to document how to resolve this issue with Safari. Documentation on how to use your our cert for the webconsole. 

Currently Safari always prompt saying that the "website requires a client certificate"
Comment 5 Jordan Liggitt 2015-10-02 16:55:19 EDT
There are two issues at play, both of which are Safari bugs:

1. Safari does not prompt you to accept the server's signing cert in a permanent way, so websocket requests can fail silently, and later visits to the site sometimes prompt to re-accept an insecure connection. Adding the server's CA to the keychain should resolve that issue.

2. Safari incorrectly prompts to select a client certificate, even when it has no applicable client certificates for the server. The only workaround I'm aware of for this is to remove all client certificates from Safari (including the automatically added one for iCloud/Apple ID)
Comment 6 Ryan Howe 2015-10-06 14:48:14 EDT
Version of OS and Browser: 

OS X 10.10.5
Safari 8.0.8
Comment 8 Ryan Howe 2017-09-19 15:30:31 EDT

*** This bug has been marked as a duplicate of bug 1493276 ***

Note You need to log in before you can comment on or make changes to this bug.