Environment: Cisco Web Security Appliance, all versions of AsyncOS.
There are also 401 messages in the access logs regarding ax.phobos.apple.com and phobos.apple.com as a result of this.
iTunes supports both basic and NTLM authentication, but it does not send additional cookies that have been set. For this reason, iTunes will hang when using cookies as the authentication credential caching method.
iTunes does send a cookie with each GET, but it will not send the credential cookie that the WSA sets, causing an authentication loop.
To work around this issue, try one of these fixes:
- Use IP credential caching instead of cookie.
- Add the following domains to the authentication destination exemptions list:
- Bypass authentication for the iTunes User-agent string (AsyncOS 5.6+)
Example: User-Agent: iTunes/7.6.2 (Windows; U; Microsoft Windows XP Professional Service Pack 2 (Build 2600)) DPI/96