Problems authenticating iTunes requests
Unable to get iTunes pages or downloads when going through the proxy
The Proxy is configured to use cookies, or cookie-based transparent authentication

While the iTunes client does support NTLM authentication, it does not accept cookies. If you are doing cookie-based transparent authentication you will need to use one of the following workarounds:

• Switch to IP based authentication.
  This is less secure than using cookies. You can change this configuration option by navigating in the Management Console to: Configuration > Authentication > Transparent Proxy. Switch the method from "Cookie" to "IP".
   
• Configure policy to override authentication for the iTunes user-agent.  Here is how to implement this change to your policy:

1. Go into the Management Console > Configuration tab > Policy > Visual Policy Manager > Launch
2. Select your currently configured Web Authentication Layer.
3. Create a new rule by selecting "Add Rule".
4. Right click in the Source Column and select "Set".
5. Select New > Request Header (do not select "User-Agent" - this is a predefined list in which iTunes does not exist)
6. In the Name field enter "iTunes User Agent".
7. In the Header Name field enter "User-Agent".
8. In the Header Regex field enter "iTunes.*".  (NOTE:  That is iTunes[dot][asterisk] )
9. Press OK twice.
10. Right click the Action column and select Set.
11. Select "Do Not Authenticate" from the list and click OK
12. Use the "Move Up" buttons to move your new rule to the topmost position in the layer, or at least to a location above the existing authentication rule that iTunes requests are matching on.
13. Click Install Policy.

NOTE:  Data based on testing done with iTunes 4.7.1.30.