IBRW-170109: Users on iOS 10 prompted for credentials even when Integrated Authentication is enabled for AirWatch Browser - Resolved in Browser 5.9.1

Version Identified

AirWatch Browser 5.1, 5.1.1

Identifier

IBRW-170109

Symptoms

When using AirWatch Browser on an iOS 10 device, users are prompted to manually enter their credentials when browsing to websites requiring authentication even if Integrated Authentication is configured.  Prior to upgrading to iOS 10, users were not prompted for credentials.

This typically occurs when the AirWatch Tunnel is used to proxy traffic.  When the error occurs, 401 Unauthorized responses show in the Tunnel logs at the completion of NTLM handshakes.

Workaround

By making some edits in the Tunnel config file, you can resolve this issue in most implementations:

  • If using Tunnel/MAG 8.3 or less on Windows, the path used below will default to: C:\AirWatch\MobileAccessGateway\conf\
  • If using Tunnel in more recent versions, the path used below will default to: C:\AirWatch\TunnelProxy\conf\
  • If using Tunnel Proxy on Linux, the path used below will default to: \opt\airwatch\tunnel\proxy\conf\ 

1. On both Relay and Endpoint Tunnel/MAG servers (or just the Endpoint in a basic configuration), open the appropriate path mentioned above depending on your OS and version.

2. Open the littleproxy.properties file and change the file so that "transparent=true" (line 4). The default value is "false".

3. Restart the Proxy service

  • On Windows the Proxy service may display as "AirWatch Mobile Access Gateway" or "AirWatch Tunnel Proxy", depending on the version.
  • On Linux you can run the following command:
service proxy restart

Note that implementing this workaround can cause the following behavior:

  • Lengthy page load times on iOS10 may occur.
  • A single prompt may still occur.
  • In some implementations the workaround may not resolve the issue.

Fix Version

This issue has been resolved in AirWatch Browser 5.9.1 for iOS.

Have more questions? Submit a request

0 Comments

Article is closed for comments.