Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

iOS 5/iPad 2 proxy settings not being remembered

I recently upgraded one of my iPad 2's to iOS 5, but I seem to be having an issue the Wi-Fi connection in work. The wireless network has a hidden SSID and it requires some Manual proxy settings being put into the wireless config.


When I input the relevant information it seems to hold fine for a few seconds but when I go into Safari it prompts for an https:// proxy username and password, if I input the correct details it just prompts again and no matter how many times I input the correct information it still prompts for it over and over again, to the point that you just have to switch the wireless off to stop the message from flashing up.


I have an iPad 2 on iOS 4.3.5 and the same setting work perfectly fine on this iPad 2 but will not work on iOS 5.


I have even tried a Linksys Wireless Access Point plugged into the network with no hidden SSID etc and I still get the same thing on the iOS 5 iPad 2 it continually prompts for the proxy details, but the iOS 4.3.5 iPad2 works fine.


Is this a known glitch or am I just being a total idiot : ( ?

iPad 2, iOS 5

Posted on Nov 2, 2011 6:15 AM

Reply
83 replies

Nov 2, 2011 8:42 AM in response to Bonesaw1962

I noticed that as well, we are using the iPhone Configuration Utility 3.4.0.283 and we still have the same issue with the proxy.

I did come across this article:


https://discussions.apple.com/thread/3384783?start=0&tstart=0


This article does mention there maybe a issue with Wi-Fi networks using WPA2 Enterprise with EAP-TLS but I have not tested to see if this issue is what is effecting us.

Nov 2, 2011 5:22 PM in response to Gibbopool2011

We're having the same issue here. We recently deployed 100+ iPads here and I have both a Microsoft forefront TMG server and an older ISA 2004 server, either can be used as the proxy, but I require authentication on both.


The iPads connect via wifi and It works fine on iOS 4, but any iPad updated to iOS 5 starts prompting for a HTTPS proxy. As far as I can tell from the server logs, the iPad is properly using the proxy address & port but not sending the username and password at all.


In general, the normal conversations with the ISA/TMG server is supposed to go something like this:


conversation1:

client: Hello, I want to access site www.authorizedsite.com

TMG server: sure, here you go


conversation2:

client: Hello, I want to access site www.restrictedsite.com

TMG server: eh? what? who are you??

client: lets try this again. Hello, I'm fred, password flintstone, and I want to access site www.restrictedsite.com

TMG server: oh hi fred, here you go


Unfortunatly, it looks to me the second part of conversation 2 doesn't seem to be happening for https, so the iPad is opening a prompt for the user instead of using the stored credentials.


This is bad for my company. I need to find a solution

Nov 3, 2011 3:47 AM in response to AjohnsonRMC

I have just setup my Linksys Wireless-G Access Point (WAP54G) onto the network here in work. The Linksys has a static IP address assigned to it that is reserved on the DHCP. It is set to a Mixed Mode, Broadcasted SSID (not hidden), running on Channel 11 - 2.462Ghz, no security (it is disabled).

Still I get the same "Authentication for HTTPS Proxy" with the Proxy IP Address :8080 popping up all the time, this is getting annoying now

Nov 12, 2011 5:33 PM in response to Gibbopool2011

The issue, as I understand it is this;


  1. Apple does not provide any API or easy-to-code solution for proxy settings. Each application and its developer are on their own to implement a working proxy solution - and most don't bother (it seems). It's a shame, if the OS could run all network code through its own handler and correctly enforce the proxy server, this whole thing would be so much better for business/education/enterprise customers.
  2. A lot of applications use HTTPS and/or a variety of ports to communicate with their web-services. This is fine in itself. With iOS4, this type of traffic was simply not supported at ALL behind an authenticated proxy, and that's why apps use to sit there "loading" forever, or crash due to no network conenction, etc. As of iOS5, it appears Apple have almost implemented support here. And now all the applications that used to just fail connecting are partially working... but need credentials to work.
  3. Apple does, in part, support Proxy settings for individual networks... but if you choose "Manual", you can only define a HTTP proxy server. These credentials are NOT used for HTTPS connections. That is why the credentials do not appear to be saved... its because they can't. If you turn off most of the location/iCloud/etc services and close all apps from the multitasking panel (or reboot), then you can massively reduce the number of these popups.
    Note: If you use the "Auto" option and specify a well-crafted PAC file location, you can get HTTP and HTTPS proxy to work, but you'll need to enter credentials for each initial request in the user session.


I wish Apple would either change the "Manual" setting to HTTP(S), and support both, allow us to set a HTTP and HTTPS proxy... or even let us have access to a KeyChain on the system where we can save passwords for proxy settings etc. That way, we could all just use the "Auto" option. Further, I wish the Apple devices could correctly locate and use the WPAD file we publish in DNS... that way we don't even need to configure the "Auto" option.

Jan 4, 2012 3:36 AM in response to Gibbopool2011

Bit of a work arround until apple sort out this bug.


Running iOS 5.0.1


We first left the proxy username and password blank when creating the wifi connection. This caused the proxy authentication dialogue box to pop up.

When entering in the domain\username and password, it just asked for the details repeatedly. Pressing cancel 6 times stopped the popup and allowed me to edit the settings.


Entered the domain\username password into the proxy settings for this wifi connection allowed us to launch safari without the prompt.

Settings>WiFi click the arrow next to the wifi name to edit its settings, ensure the HTTP Proxy settings are as follows. Manual, server IP address, Port No, Authentication=ON, Username=Domain\Username, Password=password)


The prompt still returns after power off/on, pressing cancel 6 times allows you to lauch safari etc using the stored username and password.

Jan 5, 2012 2:03 AM in response to Gibbopool2011

The request for "Authentication for HTTPS proxy" has been popping up on my iPad at work ever since I updated to iOS 5.


Today I decided to time the intervals in which it pops up- every 12 seconds, regardless of whether I input the relevant username and password or not.


As you can imagine this becomes incredibly infuriating and un productive.


If I am not the only person having this sort of problem, can Apple please look in to addressing this or at least offer some kind of explanation as to why it keeps happening and whether or not it will be fixed in the near future?


Coming very close to throwing a lovely piece of technology at the wall in frustration.


Ta

Jan 5, 2012 5:09 AM in response to Gibbopool2011

There are no work-arounds, there are no fixes, and no... updating to iOS 5.0.1 will not help you. This is broken and Apple needs to fix it. No "consumerisation" will not win, and our Network admin will NOT remove proxy authentication from the network to make it work. That's what Apple want me to do, and it's not happening. Here's the deal:


1. There is a difference between a HTTP proxy and a HTTPS proxy, of course, and Apple ONLY let you supply a configuration (using "Manual") for a HTTP connection. Not HTTPS. That's the problem.


2. As such, any request to a secure site (which a LOT of apps use, including Apple's own in-built ones) will fail. As soon as the connection for HTTPS is required, you will get an authentication prompt. The iPhone/iPad CAN NOT use the credentials assigned to the HTTP Proxy for the HTTPS Proxy... they are different. On a Mac (running OSX), these are definately two separate items you need to configure in the network settings and store in the KeyChain. Aple either need to write the "Manual" Proxy setting as both a HTTP and HTTPS connection (using the same KeyChain entry), or allow a HTTPS Proxy to also be specified. I favour the first option for simplicity - though it is not "standard".


3. In iOS4, Apple also supplied a "Manual" setting with a "HTTP Proxy" setting. The big difference in that case is that requests to HTTPS sites, which would require a HTTPS Proxy connection (which was not supported), were simply IGNORED or attempted to get the data using ANONYMOUS access... which in almost all enterprises with proxy servers is flat-out denied. In iOS4 your app would have a spinning wheel forever or would crash when trying to hit a HTTPS site for updates etc. In iOS4 more apps simply didn't work, but failed in a nice and quiet way. This has changed to "allowed" in iOS5, as it now is HTTPS aware and attempts to respond to Proxy auth challenges... but Apple have not provided a way to store a username and password for that connection, so you get an authentication box.


After I installed iOS5, I had my iPad on my desk all day but didn't get a chance to use it. That night I had about forty (40) of those prompts to cancel before I could use the device. Very frustrating. Even if you enter the correct username and password the million times it asks for it, you STILL get prompts... all the time. There is no good answer. If you're lucky enough to fluke a configuration and set of apps that only require HTTP connections, then you'll have no issues. That, from my experience, would be exceedingly rare.


There are three (3) possible answers here;


a) Get the network administrator to turn off authenticated proxy for the entire site. Good luck with that one.


b) Implement a solution using DHCP/TMG/Websense (or whatever your network and security products may be), or use a product like NetBox Blue. If you don't have a solution like NetBox, you'll need to set DHCP reservations for each device by MAC Address, then configure that IP Range to be "unauthenticated" in terms of the proxy server/firewall, and then specify the range an a set of categories for that new typ of conenction (if using web filtering). That will let you do MAC address authentication and bypass the authenticated proxy. This is what we've had to do - and it *****.


c) Wait for Apple to fix the issue. Like I said earlier, they'll either need to repurpose the "HTTP Proxy" option as "HTTP(S) Proxy" and allow HTTPS challenge responses to proxies via the one KeyChain item... or supply a second "HTTPS Proxy" option we can specify under "Manual". It's a fault in their software. To be honest... I preferred it when HTTPS traffic was just blocked (as in iOS4).

Jan 5, 2012 8:38 AM in response to Gibbopool2011

I have deployed web proxy for different customers and encountered the same issue.


This seems to be a iOS bug to me. Unfortunately I do not have any device with support coverage anymore, so I did not lodge a case on this. Even one of the built-in service (Geolocation) will not honour the proxy settings in the Settings --> WiFi page. Whenever there is POST request to https://gs-loc.apple.com:443/clls/wloc , you will notice the pop-up request for credentials.Turning off geolocation service will reduce the occurence.


Try talk to your network admin, there are some workaround can be done at the proxy side, for example using client IP address (iPhone / iPad IP address) as surrogate credentials. In this case the proxy will recognize all access request coming from the same IP address for a specific timeframe, without the need to keep on challenging for authentication. This works for me.


Hopefully Apple will solve this in later iOS release, at the same time force all the third-party apps to use the proxy settings configured at the WiFi page.

iOS 5/iPad 2 proxy settings not being remembered

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.