At my school district we have student iPads configured to go through a Squid proxy. They need to be able to access it from off campus, so it’s necessary for us to require authorization.
The problem we’re having is that, even though we have the username and password configured in their network settings, after an unpredictable amount of time they get popups asking to reauthenticate. Even if they type in the correct password it just pops up again, giving the impression that the password was incorrect. The only way they can continue working is to tap “Cancel”, but it sometimes takes several “Cancels” before they’re allowed to continue. And then they may get another round of authorization requests within a few minutes.
There is one thing that seems to be predictable, and may even be a clue. If they try to access a secure (https) site that is blocked by our web filter Squid will always ask to reauthenticate over and over until cancel is selected, and then the browser will show Squid’s “not authorized” page instead of the filter’s block page.
We’re using digest_file_auth for authorization, but I’ve tried using basic_ldap_auth against our OSX Lion server on a sandbox server with similar symptoms.
Does anyone have any idea how I can figure out how to fix this?
It’s not used for anything but iPads. The server is running on OSX Server 10.6 (Snow Leopard). And the auth requests have popped up when using any app that accesses the network, not just browsers.
No, because the proxy is exclusively for iPads. It doesn’t matter if it works for Macs, PCs or Linux boxes.
Only as far as repeated requests for authorization. Users are able access the internet after tapping “cancel”, although sometimes it asks 2 or three times again. It seems like it’s asking for authorization even though the device is already authorized. In fact, if you type in a different valid user and password, then click cancel when it asks again, the squid log will show the original user was allowed access.
I dug out an older laptop running Snow Leopard and configured it to use the proxy with similar results. Occasionally asking to reauthenticate and always asking to reauthenticate if trying to access a filtered secure site. And again typing in a correct name/password just results in another auth request, clicking cancel one or more times allows you to access the network - at least for a while.
Ok, well next I would monitor the squid logs, it may say why it’s requiring authorization or rejecting it when the credentials are actually correct (that happens, right?) Might need to turn the logging level up.
Which started in November 2011 and most recent post in July 2014
TLDR version: iPads don’t store HTTPS proxy passwords, only HTTP, and Apple doesn’t seem to be in any hurry to fix the bug, despite numerous complaints.
I just discovered today that if I open the IOS Chrome browser, it will ask for authentication again. Just to combine bodily functions with a jovial facial expression, I entered a different valid name and password. When I checked the Squid logs, I saw that all Safari activity was logged under the first username and Chrome activity was logged under the second. So apparently Chrome ignores the authentication part of the network settings.