Does Apple device support NTLM auentication?

We have a few iPads and iPhone trying to talk to internet via Cisco Ironport proxy. The auentication method is NTLM . I googled the forum and found out a discussion on 2014 saying Apple does not support NTLM. Wondering if it is still the case ? Thanks for any input. Cathy

Up vote post of Ifilxh Down vote post of Ifilxh
6.5k views
Posted by
Ifilxh
Reply
Add a Comment

Replies

iOS does, in general, support NTLM authentication, both at the user level (in Safari) and via the NSURLSession API. However, there are some serious caveats.

NTLM authentication does not follow the architecture for HTTP authentication schemes outlined in RFC 7235. Specifically, NTLM authenticates connections, not requests. This causes numerous problems:

  • NTLM authentication is fundamentally incompatible with HTTP/2 because HTTP/2 uses one connection for multiple requests.

  • NTLM authentication is an ongoing source of problems on Apple platforms because our HTTP stack was designed around the RFC 7235 architecture. Some of these problems are just bugs that need to be fixed, but others are more fundamental. For example, in many cases iOS will end up creating extra connections just to deal with NTLM’s unusual requirements.

  • NTLM authentication is less efficient than standard HTTP authentication. Specifically, every new NTLM connection requires 2 extra round trips to the server, whereas with standard HTTP authentication those round trips can often be skipped.

If the server you’re talking to supports an RFC 7235 compliant authentication scheme (typically Basic or Digest), or you have control over the server and can enable such a scheme, I strongly recommend you use a standard scheme rather than continuing with NTLM.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Hey Eskimo,

When safari attempts to access a sharepoint v15 iis v8 site using a NTLM account stored in Keychain it hangs for 30 to 40 seconds each site url.

Where can I go to file a report or find status on this issue?


Kev / aspforyou

Posted by
aspforyou
Up vote reply of aspforyou Down vote reply of aspforyou
Add a Comment

>Where can I go to file a report


See the report bugs link, below right.

Posted by
KMT
Up vote reply of KMT Down vote reply of KMT
Add a Comment

I’ve seen reports like this from developers (r. 28205623) but it’s good — well, not good, but useful — to know that it’s affecting Safari as well. You can file a bug about this using our standard Apple Bug Reporter system. I’d appreciate you posting your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Here's my bug #34003327, so when do I get my gold star?

Posted by
aspforyou
Up vote reply of aspforyou Down vote reply of aspforyou
Add a Comment

Here's my bug #34003327

Thanks.

so when do I get my gold star?

$ xxd -p -r > tmp.txt
E2AD90EFB88F0A
^D
$ cat tmp.txt

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment