Jamf Nation Community

In a quick test, it looks ok for me. Is it just really slow, or what makes it almost unusable?

We do not have issues with our ProxySG and Mavericks. How is yours deployed? Inline, Transparent, Explicit? Are you doing client auth, if so is it from an exception page or Kerberos or what?

I am having the same issues with our BlueCoat proxies and Mavericks. OCSPD is the issue because the proxy is sending back a request for credentials and the OS isn't respecting it and not providing the credentials or prompting the users to input them.. I opened a ticket with Apple Enterprise support and they acknowledged that it is an issue. We were able to duplicate it, but the only resolution was to create a system keychain that grabs the users proxy credentials if they are stored in the keychain. Unfortunately, that doesn't work for us because we force a password change every 30 days so it would need to be running constantly along with the fact that not all of our users store the proxy credentials in the keychain.
An alternate way around this would be to allow the OCSPD user agent header unauthenticated access to the internet through the proxy. I am having the same issues with Safari and iTunes. Allowing the user agent header string works reliably and the ocspd process can only be initiated via the OS so the risk is reduced significantly.

@jconte I was able to workaround the issue by turning off OCSP and CRL in Keychain > Preferences. Thinking back, we had to do the same thing in Lion to alleviate some proxy issues. I received the same feedback from Apple Support, that product management is aware of the issue and it will be addressed in an update - hopefully soon.

Turning off OCSP and CRL in the keychain prefs seems to work with Safari, but I'm still getting proxy prompts for the App Store when trying to run updates. We just received word from enterprise support that they anticipate a fix in 10.9.2.