Has anyone had any success of have any advice for getting Apple products to authenticate against AD in web gateway. We have ongoing problems with IOS and OS X.
We can get the user to auth and the apple device will cache the creds for a while. It appears that fairly randomly (about every 30 mins) the device will flush the cache forcing the user to auth again. Also it would be nice if we could somehow determine a device is an apple device and apply different rules. The Agent string is too unpredictable as it's easily spoofed and each app could present itself as something different.
It's a bit of an open ended question but has anyone got any experience or advice on managing this?
I am not sure why this cache flush occures and I have no Apple device in our MWG lan.
Maybe you can use PDStorage to store auth. token for IP-user pair and bypass proxy authentication for specified time. This should lead to no auth needed at all for specified time.
There is little example how to use PDStorage feature at Online Library: https://contentsecurity.mcafee.com/ruleset_library/dl?type=package&rule_id=50041
Hope this helps.
That's the right way to go. Safari will not necessarily carry the auth info between sessions. And will forget the info as it essentially will go to sleep in between usage and will clear some cache and thus you'll need to re-auth.
The method yuems describes it he way to solve that, but be aware that it might well be that this is basic auth only.
We use a product called Centrify on our Macs and Kerberos authentication for them on the MWG. Users login using their AD credentials and don't have to login to the MWGs.
They have a product for the iPads but only through the mobile management suite.