iOS 5/iPad 2 proxy settings not being remembered

There also appear to be some issue with proxy settings in iOS 5 deployed via the new payload capability of iPhone Configuration utility; I wonder if this is related somehow. There is a discussion located at

https://discussions.apple.com/thread/3419332

which you might find interesting.....

We're having the same issue here. We recently deployed 100+ iPads here and I have both a Microsoft forefront TMG server and an older ISA 2004 server, either can be used as the proxy, but I require authentication on both.

The iPads connect via wifi and It works fine on iOS 4, but any iPad updated to iOS 5 starts prompting for a HTTPS proxy. As far as I can tell from the server logs, the iPad is properly using the proxy address & port but not sending the username and password at all.

In general, the normal conversations with the ISA/TMG server is supposed to go something like this:

conversation1:

client: Hello, I want to access site www.authorizedsite.com

TMG server: sure, here you go

conversation2:

client: Hello, I want to access site www.restrictedsite.com

TMG server: eh? what? who are you??

client: lets try this again. Hello, I'm fred, password flintstone, and I want to access site www.restrictedsite.com

TMG server: oh hi fred, here you go

Unfortunatly, it looks to me the second part of conversation 2 doesn't seem to be happening for https, so the iPad is opening a prompt for the user instead of using the stored credentials.

This is bad for my company. I need to find a solution

Has this issue been figured out / resolved yet? With IOS 4 I could use the iPad in my classroom but now with IOS 5 it is rendering itself useless because of its inability to get through the proxy setting problems... Has anyone figured this out (or is Apple working on resolving this issue)?

Hello I have the same configuration a Microsoft TMG as proxy server on 8080 and our Ipad2 ask too many times to enter the AD Credntials to go on the internet through the proxy server ... 😠

Fortunately we don't have this problem on our PC ....

Any solutions, it is very bor... ?

Minor update, the problem is still there but slightly less if we do not use iCloud for backup. Still no solution though.

The issue, as I understand it is this;

1. Apple does not provide any API or easy-to-code solution for proxy settings. Each application and its developer are on their own to implement a working proxy solution - and most don't bother (it seems). It's a shame, if the OS could run all network code through its own handler and correctly enforce the proxy server, this whole thing would be so much better for business/education/enterprise customers.
   
2. A lot of applications use HTTPS and/or a variety of ports to communicate with their web-services. This is fine in itself. With iOS4, this type of traffic was simply not supported at ALL behind an authenticated proxy, and that's why apps use to sit there "loading" forever, or crash due to no network conenction, etc. As of iOS5, it appears Apple have almost implemented support here. And now all the applications that used to just fail connecting are partially working... but need credentials to work.
   
3. Apple does, in part, support Proxy settings for individual networks... but if you choose "Manual", you can only define a HTTP proxy server. These credentials are NOT used for HTTPS connections. That is why the credentials do not appear to be saved... its because they can't. If you turn off most of the location/iCloud/etc services and close all apps from the multitasking panel (or reboot), then you can massively reduce the number of these popups.
   Note: If you use the "Auto" option and specify a well-crafted PAC file location, you can get HTTP and HTTPS proxy to work, but you'll need to enter credentials for each initial request in the user session.

I wish Apple would either change the "Manual" setting to HTTP(S), and support both, allow us to set a HTTP and HTTPS proxy... or even let us have access to a KeyChain on the system where we can save passwords for proxy settings etc. That way, we could all just use the "Auto" option. Further, I wish the Apple devices could correctly locate and use the WPAD file we publish in DNS... that way we don't even need to configure the "Auto" option.

I have the same problem here, is there any new information about it, any solution? Thanks

Bit of a work arround until apple sort out this bug.

Running iOS 5.0.1

We first left the proxy username and password blank when creating the wifi connection. This caused the proxy authentication dialogue box to pop up.

When entering in the domain\username and password, it just asked for the details repeatedly. Pressing cancel 6 times stopped the popup and allowed me to edit the settings.

Entered the domain\username password into the proxy settings for this wifi connection allowed us to launch safari without the prompt.

Settings>WiFi click the arrow next to the wifi name to edit its settings, ensure the HTTP Proxy settings are as follows. Manual, server IP address, Port No, Authentication=ON, Username=Domain\Username, Password=password)

The prompt still returns after power off/on, pressing cancel 6 times allows you to lauch safari etc using the stored username and password.

The request for "Authentication for HTTPS proxy" has been popping up on my iPad at work ever since I updated to iOS 5.

Today I decided to time the intervals in which it pops up- every 12 seconds, regardless of whether I input the relevant username and password or not.

As you can imagine this becomes incredibly infuriating and un productive.

If I am not the only person having this sort of problem, can Apple please look in to addressing this or at least offer some kind of explanation as to why it keeps happening and whether or not it will be fixed in the near future?

Coming very close to throwing a lovely piece of technology at the wall in frustration.

Ta

There are no work-arounds, there are no fixes, and no... updating to iOS 5.0.1 will not help you. This is broken and Apple needs to fix it. No "consumerisation" will not win, and our Network admin will NOT remove proxy authentication from the network to make it work. That's what Apple want me to do, and it's not happening. Here's the deal:

1. There is a difference between a HTTP proxy and a HTTPS proxy, of course, and Apple ONLY let you supply a configuration (using "Manual") for a HTTP connection. Not HTTPS. That's the problem.

2. As such, any request to a secure site (which a LOT of apps use, including Apple's own in-built ones) will fail. As soon as the connection for HTTPS is required, you will get an authentication prompt. The iPhone/iPad CAN NOT use the credentials assigned to the HTTP Proxy for the HTTPS Proxy... they are different. On a Mac (running OSX), these are definately two separate items you need to configure in the network settings and store in the KeyChain. Aple either need to write the "Manual" Proxy setting as both a HTTP and HTTPS connection (using the same KeyChain entry), or allow a HTTPS Proxy to also be specified. I favour the first option for simplicity - though it is not "standard".

3. In iOS4, Apple also supplied a "Manual" setting with a "HTTP Proxy" setting. The big difference in that case is that requests to HTTPS sites, which would require a HTTPS Proxy connection (which was not supported), were simply IGNORED or attempted to get the data using ANONYMOUS access... which in almost all enterprises with proxy servers is flat-out denied. In iOS4 your app would have a spinning wheel forever or would crash when trying to hit a HTTPS site for updates etc. In iOS4 more apps simply didn't work, but failed in a nice and quiet way. This has changed to "allowed" in iOS5, as it now is HTTPS aware and attempts to respond to Proxy auth challenges... but Apple have not provided a way to store a username and password for that connection, so you get an authentication box.

After I installed iOS5, I had my iPad on my desk all day but didn't get a chance to use it. That night I had about forty (40) of those prompts to cancel before I could use the device. Very frustrating. Even if you enter the correct username and password the million times it asks for it, you STILL get prompts... all the time. There is no good answer. If you're lucky enough to fluke a configuration and set of apps that only require HTTP connections, then you'll have no issues. That, from my experience, would be exceedingly rare.

There are three (3) possible answers here;

a) Get the network administrator to turn off authenticated proxy for the entire site. Good luck with that one.

b) Implement a solution using DHCP/TMG/Websense (or whatever your network and security products may be), or use a product like NetBox Blue. If you don't have a solution like NetBox, you'll need to set DHCP reservations for each device by MAC Address, then configure that IP Range to be "unauthenticated" in terms of the proxy server/firewall, and then specify the range an a set of categories for that new typ of conenction (if using web filtering). That will let you do MAC address authentication and bypass the authenticated proxy. This is what we've had to do - and it *****.

c) Wait for Apple to fix the issue. Like I said earlier, they'll either need to repurpose the "HTTP Proxy" option as "HTTP(S) Proxy" and allow HTTPS challenge responses to proxies via the one KeyChain item... or supply a second "HTTPS Proxy" option we can specify under "Manual". It's a fault in their software. To be honest... I preferred it when HTTPS traffic was just blocked (as in iOS4).

I have deployed web proxy for different customers and encountered the same issue.

This seems to be a iOS bug to me. Unfortunately I do not have any device with support coverage anymore, so I did not lodge a case on this. Even one of the built-in service (Geolocation) will not honour the proxy settings in the Settings --> WiFi page. Whenever there is POST request to https://gs-loc.apple.com:443/clls/wloc , you will notice the pop-up request for credentials.Turning off geolocation service will reduce the occurence.

Try talk to your network admin, there are some workaround can be done at the proxy side, for example using client IP address (iPhone / iPad IP address) as surrogate credentials. In this case the proxy will recognize all access request coming from the same IP address for a specific timeframe, without the need to keep on challenging for authentication. This works for me.

Hopefully Apple will solve this in later iOS release, at the same time force all the third-party apps to use the proxy settings configured at the WiFi page.