Currently Being ModeratedSep 25, 2012 12:30 AM (in response to Gibbopool2011)
I've done the upgrade to iOS v6 and I haven't found any new issues with proxies but the original issue has still not be rectified. This has now being going on too long apple really need to get their fingers out and sort this problem out or they are going to loose corporate customers.
Currently Being ModeratedSep 25, 2012 1:03 AM (in response to ctg201175)
Well, that is not good news - what the **** is going on here, this is clearly a widespread problem, with not a mention of a fix or solution in sight. Our students cannot keep having this issue, it is interupting our teaching!! I can see the annoyance on the students faces when it keeps happening...
Currently Being ModeratedSep 25, 2012 1:25 AM (in response to Gibbopool2011)
I still don't know what is going on with this issue, and whether any fix was meant to reside within the iOS6 code or not - Apple are annoyingly silent on the matter. So, in testing, I upgaded my personal iPad and a School iPad to iOS 6... with split results. I first tried entering our TMG servers details into the "Manual" setting, using authentication, and gave that a test. We've now configured that TMG box to have highly-restrictive filtering such that browsing apple.com will get blocked and display a message if no user authentication is passed - it's our test process, don't ask. Anyway, we found that, indeed, things were getting blocked. So my HTTP Proxy authentication wasn't working, even though filled out correctly. Not looking good.
I then tried using the PAC file and "Auto". It started good by asking my for credentials on the first app I launched, but strange stuff happened when using it. Seems to be hit and miss, though better than in iOS5. Finally I tried "Manual", pointing straight at the WebSense filter and had a lot of success... before not having ANY success. Grrr.
I tried on the second iPad and had COMPLETELY different results. In what seems like my usual testing outcome, where you can test several Apple devices and have only 75% success rate or less doing the same thing, I can't pick which method worked and which didn't. We need to figure this out, so I will wipe some devices and start testing correctly. I'll post back when I know more.
P.S. Interestingly, the second iPad I tested, when using the TMG box as the proxy in "manual", seemed to work. Sure, even though I had the username/password entered, I got prompted again. But after that, I had HTTP and HTTPS apps working fine, and without additional proxy credential requests. Though I could also access sites which SHOULD have been filtered... so it broke other stuff. It may or may not be better at this point. But the fact that we don't have a KeyChain app yet (or option for HTTPS Proxy) means we could face another year of misery with this.
Currently Being ModeratedSep 25, 2012 8:09 AM (in response to NKX)
how were u able to change the WebSense setting to allow you access?
Currently Being ModeratedSep 28, 2012 6:38 AM (in response to Gibbopool2011)
Well, let us add another equasion to the mix - It appears now that since I have 'upgraded' to iOS6, my 'wireless settings' seem to drop off intermittently. I can be sitting here attached to my preferred SSID and then all of a sudden when I attempt to connect to something, it comes up with a 'Sorry, you aren't connected to the interwebz anymore' You go in to verify that you are still connected to your preferred AP and viola! You are 'Not Connected'
I have even changed the 'Auto-Join' radio switch to 'On' but it still appears to drop the SSID.
Is this normal as well?
Currently Being ModeratedSep 28, 2012 6:56 AM (in response to Hola_T)
Ahhh, you're not realy changing WebSense to get access, rather than breaking it slightly
Put simply, we have assigned each device a specific IP address, based on their MAC address, as a DHCP reservation. So, when you configure the wireless and enter your user credentials, RADIUS dumps you onto a special DHCP scope where you get a "special" IP address from the above reservation. That range of IP addresses are configured within WebSense to be unauthenticated - but still are still filtered (by a "testing" profile with a somewaht restrictive set of categories). It's not great, but it works for our testing purposes.
When we run our WebSense reports, however, we see an IP address in the lists instead of a user name, and that is annoying. We do have a user/device associated with each IP address though, so we can refer back to the list if we need to. We're now investigating the RADIUS plugin, and maybe even a new SSID with captive portal and identity management... but that's some way (and chunk of change) away. For now, the above solution - which you can also do with WebSense if it's running as a TMG plugin, just that you need to add the IP range in both solutions and unauthenticated in TMG - is the best we have to avoid the HTTPS Proxy nag-prompt-nightmare without breaking filtering for our other devices.
One new anoyance with iOS devices... sometimes the proxy auth box is allowed to pop up while the device is at the lock screen. This locks up the device solid. You can't slide to unlock because the popup has focus. You can't enter credentials into the auth box, because it's on the "lock screen" and can't pop up the on-screen keyboard. You can't interact with the "Cancel" button... because it's on the lock screen. You can't power the deice off, because the auth box is in focus. Hard power-off is the only answer.
NONE OF THIS should be required though. Apple... fix this, PLEASE!
Currently Being ModeratedSep 28, 2012 6:58 AM (in response to ShaneGraham057)
I haven't noticed that so far. Though I have found the wireless connection to devices acting as a hot-spot to now constantly break the internet connection. While there is a slim chance iOS6 may help wth ptoxy issue, it sure is giving me other problems to investigate. Having the "Find My iPhone" app use the new maps AND seemingly not talking to the GPS correctly is a pain. And that's one tiny feature. Grrrr indeed.
Currently Being ModeratedNov 22, 2012 5:07 AM (in response to NKX)
sorry ios6 does not fix the problem, apple doesn't care about enterprise networks with proxies, I get 12 popups for proxy authentication in 6 minutes though all credentials are saved Http-proxy/Manual.
Currently Being ModeratedJan 2, 2013 6:14 AM (in response to ctg201175)
I work in NYC public schools, and have found that since I don't need authentication anyway, just putting the proxy URL in the Auto field instead of Manual does the job.
This likely helps few, but for those that dont need a proxy password, I hope it helps.
Currently Being ModeratedJun 12, 2013 8:15 PM (in response to Gibbopool2011)
I have run into this problem a couple of times, once time i just reset the Ipad and set it up again. But i just had a student some to me with the same issue, this time i used Iphone Configuration Utility to setup the wireless and it worked.
Hope this helps.
Currently Being ModeratedSep 19, 2013 5:08 PM (in response to Gibbopool2011)
I was hoping that iOS7 would have fixed this issue
but no, the problem is still there
It works fine connecting through HTTP, but it constantly will still ask for HTTPS proxy authentication
All apple need to do is put in another line for HTTPS username/password authention like that do with their macbooks
I guess they just do not care because we are a minority
Currently Being ModeratedSep 24, 2013 1:11 AM (in response to mrtypr)
The bug remains exactly the same in iOS7.
PLEASE fix this one..
Currently Being ModeratedOct 1, 2013 4:28 AM (in response to Gibbopool2011)
Does Apple want their products to be used in schools? Or in business? I work in a school and due to this issue that apple presumably know about and have decided not to fix, we will be using other devices. I will never recommend apple for education that is for sure!
Currently Being ModeratedOct 7, 2013 10:24 PM (in response to Gibbopool2011)
Has anyone tried icab yet?
It works slightly differently to Safari and doesnt use the ipad's native settings.
And you can put in your credentials that stick so even if the auth box keeps popping back up, at least your details are already punched into it. May not be a fix, but it saves you putting in your password over and over.
I mentioned it over a year ago and the idea was poo pooed.
Or why not build your own browser and put all the suggestions in from this forum? ie separate fields for http / https. There's heaps of other people here with the same problem, so obviously there's a market for it.
I dont think apple are going to listen to this problem anytime soon, it's been 2 years now. Why doesn't someone do something about it rather than cursing apple for a fix? For all the hurdles we had with our ipads, we sought our own solutions rather than crossing our fingers in hope Apple will sort it next update. We now have over 600 on our school network working smoothly.
I'd certainly hate to be that poor school that has been recommended another device else due to this one issue. I bought surface tablet as a trial and that thing was god awful. No-one likes it. You want problems??? Get a Surface!