+ Post New Thread
Results 1 to 14 of 14
Netbooks, PDA and Phones Thread, Ipad, Bloxx and authentication in Technical; We are currently beginning the early phases of an Ipad project here at Clevedon school, One of the issues we ...
  1. #1
    ittech's Avatar
    Join Date
    Sep 2011
    Location
    Clevedon
    Posts
    8
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Ipad, Bloxx and authentication

    We are currently beginning the early phases of an Ipad project here at Clevedon school, One of the issues we have is that filtering is provided by a BLOXX box, requiring authentication against a user account.
    We have already had major issues with Ipads and HTTPS, but are wondering how we get around the 'enter username and password' issue, eventually every student in the school will have one of these and we will need to retain filtering

  2. #2
    rbelson's Avatar
    Join Date
    Feb 2011
    Posts
    36
    Thank Post
    3
    Thanked 7 Times in 7 Posts
    Rep Power
    9
    Authenticated proxies and the iPad raise several challenges, the biggest being that many apps don't observe the iPad's system settings for proxies and try to connect straight out to the Internet.

    PAC files are supported within iOS and may help in your scenario. We are hoping for proxy support for MDM services (such as Lion server) to come in iOS 5 (fingers crossed!)

    As always, Apple Solution Experts for Education can normally offer professional support and advice on this. See here for more

  3. #3
    ittech's Avatar
    Join Date
    Sep 2011
    Location
    Clevedon
    Posts
    8
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    At the moment, we are just testing with a small group of users, and the teacher wants to use the wireless capabilities rather than the 3g capabilities, is there any way we can get this to work, with our current authnticated proxy solution?

  4. #4

    Join Date
    May 2009
    Location
    kidderminster
    Posts
    119
    Thank Post
    27
    Thanked 23 Times in 21 Posts
    Rep Power
    0
    Quote Originally Posted by ittech View Post
    At the moment, we are just testing with a small group of users, and the teacher wants to use the wireless capabilities rather than the 3g capabilities, is there any way we can get this to work, with our current authnticated proxy solution?
    HTTPS issues are down to your network security blocking Apple's Certificate Server, which uses the same Certificates as other secure web sites such as banks so if you can access these on your PC's you shouldn't get a problem with the iPads.

    I have installed class sets of iPads at schools with a Bloxx Proxy Filtering System before and not had a problem...

  5. #5


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,475
    Thank Post
    866
    Thanked 850 Times in 672 Posts
    Rep Power
    196
    Probably depends on your authentication type - can the latest bloxx offer a different auth type (eg. captive portal) on a separate proxy port, for example? Thats how we'd approach it usually.

  6. #6
    ittech's Avatar
    Join Date
    Sep 2011
    Location
    Clevedon
    Posts
    8
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    OK, i've approached this a slightly different way and added the Bloxx authentication details into the proxy settings of the ipad. My issue now is that despite adding these setting, the ipad constantly prompts for authentication details. I notice that the BBC news app prompts for username, password and domain. In the ipad settings however you're only asked for username and password. Entering the username in the format of domain/user seems to have no effect.
    Another issue I have is that because we have an ISA server I cannot just allow non-authenticated users out on the unfiltered proxy either (cheers Microsoft for that 'feature') So Either I have to go out via BLOXX or hand out unfiltered proxy settings to users. (no way Jose!)
    Any ideas anyone?

  7. #7
    Abaddon's Avatar
    Join Date
    Mar 2006
    Location
    Middlesex
    Posts
    600
    Thank Post
    72
    Thanked 68 Times in 63 Posts
    Rep Power
    60
    I'm having this issue with BLOXX as well - despite entering known good credentials into the iPad proxy settings, it just keeps asking. Very irritating, and means for the moment at least, the iPads are unfiltered - teacher discretion and attention is required. Luckily, it's just a single trolley of iPads (27), so it's not too onerous. I'm told it's a bug in iOS 4.3.5, and that the same bug remains in iOS 5... Hope it's fixed. Apparantly it just ignores the settings in there.

  8. #8

    Join Date
    Jan 2011
    Posts
    7
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    yep same issue here with all the iphones and ISA. makes them a bit unusable until a fix comes out.
    Last edited by backwellschool; 1st December 2011 at 04:37 PM.

  9. #9

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    12,080
    Thank Post
    1,637
    Thanked 1,956 Times in 1,431 Posts
    Blog Entries
    2
    Rep Power
    440
    Right you need to do transparent filtering. No two ways about this as the vast majority of your programs cannot see any proxy settings on the ipads. So set up the DNS to point to you proxy and set it to transparent and bam, everyone is filtered. Set an appropriate level for the ipads and bobs your uncle. With the HTTPS issue, set it as available for everyone, but still set everything else as you normally would.

  10. #10

    Join Date
    Dec 2011
    Location
    Bristol
    Posts
    10
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Can you expand a little more on how you have managed to get filtered internet on the Ipads working without it asking for authentication all the time but still have normal user filtered access on the PC's.

    Cheers!

  11. #11

    Join Date
    Dec 2011
    Location
    Bristol
    Posts
    10
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Any update???

  12. #12

    Join Date
    Jan 2011
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by nephilim View Post
    Right you need to do transparent filtering. No two ways about this as the vast majority of your programs cannot see any proxy settings on the ipads. So set up the DNS to point to you proxy and set it to transparent and bam, everyone is filtered. Set an appropriate level for the ipads and bobs your uncle. With the HTTPS issue, set it as available for everyone, but still set everything else as you normally would.

    As nephilim mentioned, the apps will ignore any proxy settings you give the iPad. A transaparent deployment may be the answer to your problems.
    Give Bloxx support a call, they should be able to help you out.

    Ronnie

  13. #13
    jamesreedersmith's Avatar
    Join Date
    Sep 2009
    Location
    Ruskington
    Posts
    1,167
    Thank Post
    78
    Thanked 258 Times in 230 Posts
    Rep Power
    78
    Try the username in the username@domain format - android uses this but not the domain\username one. Maybe that will help.

  14. #14

    Join Date
    Oct 2010
    Location
    Yorkshire
    Posts
    8
    Thank Post
    2
    Thanked 5 Times in 3 Posts
    Rep Power
    0
    Hi, are you running the newer Bloxx system where HTTPS content is decrypted, inspected and re-signed with a self signed certificate? If so we got round the problem by importing the Bloxx Box Generated Certificate using iPhone Configuration Utility or emailing it to the devices, *.apple.com needed to be allowed to tunnel through the Microdasys SCIP engine transparently for software updates etc to work.
    As far as content filtering goes, our Bloxx Box is configured as a transparent setup and a default locked down filtering policy applies to any unauthenticated traffic, we also have a separate VLAN for guest wireless devices which has a different IP address range so Bloxx identifies any traffic coming from this range and applies another different policy. If anyone needs more than default locked down access through Bloxx, we reserve the iPads IP address in DHCP and and add it as a known IP address for their user account in the management console, then any requests from that IP are assumed to be from that user and their filtering policy applies.

SHARE:
+ Post New Thread

Similar Threads

  1. iPad's and the App Store
    By karls5 in forum East Midlands Broadband Consortium (EMBC)
    Replies: 22
    Last Post: 12th October 2010, 07:03 PM
  2. [Video] iPad Disassembled and Reassembled
    By DaveP in forum Jokes/Interweb Things
    Replies: 4
    Last Post: 20th April 2010, 09:16 AM
  3. TS Web Gateway and Authentication
    By Steven in forum Wireless Networks
    Replies: 0
    Last Post: 20th November 2009, 10:37 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •