Netbooks, PDA and Phones Thread, Ipad, Bloxx and authentication in Technical; We are currently beginning the early phases of an Ipad project here at Clevedon school, One of the issues we ...
21st September 2011, 02:31 PM #1
Ipad, Bloxx and authentication
We are currently beginning the early phases of an Ipad project here at Clevedon school, One of the issues we have is that filtering is provided by a BLOXX box, requiring authentication against a user account.
We have already had major issues with Ipads and HTTPS, but are wondering how we get around the 'enter username and password' issue, eventually every student in the school will have one of these and we will need to retain filtering
21st September 2011, 02:49 PM #2
Authenticated proxies and the iPad raise several challenges, the biggest being that many apps don't observe the iPad's system settings for proxies and try to connect straight out to the Internet.
PAC files are supported within iOS and may help in your scenario. We are hoping for proxy support for MDM services (such as Lion server) to come in iOS 5 (fingers crossed!)
As always, Apple Solution Experts for Education can normally offer professional support and advice on this. See here for more
21st September 2011, 04:45 PM #3
At the moment, we are just testing with a small group of users, and the teacher wants to use the wireless capabilities rather than the 3g capabilities, is there any way we can get this to work, with our current authnticated proxy solution?
21st September 2011, 05:03 PM #4
HTTPS issues are down to your network security blocking Apple's Certificate Server, which uses the same Certificates as other secure web sites such as banks so if you can access these on your PC's you shouldn't get a problem with the iPads.
Originally Posted by ittech
I have installed class sets of iPads at schools with a Bloxx Proxy Filtering System before and not had a problem...
21st September 2011, 08:26 PM #5
Probably depends on your authentication type - can the latest bloxx offer a different auth type (eg. captive portal) on a separate proxy port, for example? Thats how we'd approach it usually.
26th September 2011, 03:15 PM #6
OK, i've approached this a slightly different way and added the Bloxx authentication details into the proxy settings of the ipad. My issue now is that despite adding these setting, the ipad constantly prompts for authentication details. I notice that the BBC news app prompts for username, password and domain. In the ipad settings however you're only asked for username and password. Entering the username in the format of domain/user seems to have no effect.
Another issue I have is that because we have an ISA server I cannot just allow non-authenticated users out on the unfiltered proxy either (cheers Microsoft for that 'feature') So Either I have to go out via BLOXX or hand out unfiltered proxy settings to users. (no way Jose!)
Any ideas anyone?
26th September 2011, 03:51 PM #7
I'm having this issue with BLOXX as well - despite entering known good credentials into the iPad proxy settings, it just keeps asking. Very irritating, and means for the moment at least, the iPads are unfiltered - teacher discretion and attention is required. Luckily, it's just a single trolley of iPads (27), so it's not too onerous. I'm told it's a bug in iOS 4.3.5, and that the same bug remains in iOS 5... Hope it's fixed. Apparantly it just ignores the settings in there.
1st December 2011, 03:52 PM #8
- Rep Power
yep same issue here with all the iphones and ISA. makes them a bit unusable until a fix comes out.
Last edited by backwellschool; 1st December 2011 at 04:37 PM.
1st December 2011, 04:19 PM #9
Right you need to do transparent filtering. No two ways about this as the vast majority of your programs cannot see any proxy settings on the ipads. So set up the DNS to point to you proxy and set it to transparent and bam, everyone is filtered. Set an appropriate level for the ipads and bobs your uncle. With the HTTPS issue, set it as available for everyone, but still set everything else as you normally would.
6th December 2011, 12:30 PM #10
- Rep Power
Can you expand a little more on how you have managed to get filtered internet on the Ipads working without it asking for authentication all the time but still have normal user filtered access on the PC's.
13th December 2011, 01:37 PM #11
- Rep Power
14th December 2011, 12:10 PM #12
- Rep Power
Originally Posted by nephilim
As nephilim mentioned, the apps will ignore any proxy settings you give the iPad. A transaparent deployment may be the answer to your problems.
Give Bloxx support a call, they should be able to help you out.
14th December 2011, 12:13 PM #13
Try the username in the username@domain format - android uses this but not the domain\username one. Maybe that will help.
22nd December 2011, 01:28 PM #14
- Rep Power
Hi, are you running the newer Bloxx system where HTTPS content is decrypted, inspected and re-signed with a self signed certificate? If so we got round the problem by importing the Bloxx Box Generated Certificate using iPhone Configuration Utility or emailing it to the devices, *.apple.com needed to be allowed to tunnel through the Microdasys SCIP engine transparently for software updates etc to work.
As far as content filtering goes, our Bloxx Box is configured as a transparent setup and a default locked down filtering policy applies to any unauthenticated traffic, we also have a separate VLAN for guest wireless devices which has a different IP address range so Bloxx identifies any traffic coming from this range and applies another different policy. If anyone needs more than default locked down access through Bloxx, we reserve the iPads IP address in DHCP and and add it as a known IP address for their user account in the management console, then any requests from that IP are assumed to be from that user and their filtering policy applies.
By karls5 in forum East Midlands Broadband Consortium (EMBC)
Last Post: 12th October 2010, 07:03 PM
By DaveP in forum Jokes/Interweb Things
Last Post: 20th April 2010, 09:16 AM
By Steven in forum Wireless Networks
Last Post: 20th November 2009, 10:37 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread