While the iTunes client does support NTLM authentication, it does not accept cookies. If you are doing cookie-based transparent authentication you will need to use one of the following workarounds:
- Switch to IP based authentication.
This is less secure than using cookies. You can change this configuration option by navigating in the Management Console to: Configuration > Authentication > Transparent Proxy. Switch the method from "Cookie" to "IP".
- Configure policy to override authentication for the iTunes user-agent. Here is how to implement this change to your policy:
- Go into the Management Console > Configuration tab > Policy > Visual Policy Manager > Launch
- Select your currently configured Web Authentication Layer.
- Create a new rule by selecting "Add Rule".
- Right click in the Source Column and select "Set".
- Select New > Request Header (do not select "User-Agent" - this is a predefined list in which iTunes does not exist)
- In the Name field enter "iTunes User Agent".
- In the Header Name field enter "User-Agent".
- In the Header Regex field enter "iTunes.*". (NOTE: That is iTunes[dot][asterisk] )
- Press OK twice.
- Right click the Action column and select Set.
- Select "Do Not Authenticate" from the list and click OK
- Use the "Move Up" buttons to move your new rule to the topmost position in the layer, or at least to a location above the existing authentication rule that iTunes requests are matching on.
- Click Install Policy.
NOTE: Data based on testing done with iTunes 184.108.40.206.