We've had "support Http authentication" enabled for a few years in MDS to allow us to use a service account to authenticate to the company's web proxy servers on behalf of the users and it's worked very well.

Now, I have an application being developed for use by our users that won't make successful signon calls unless this setting is disabled. We're assuming that MDS is stripping the auth header and storing it, then trying to authenticate on behalf of the device.

Is there any way these two can co-exist? Somehow enable the application to make its own authentication calls without then forcing users to input their AD credentials every time they want to start a browser session?

Is the issue that the new application doesn't like the generic service account credentials you are using for the HTTP Authentication?

Would it be possible to create a dedicated Proxy Mapping for the new application and use another set of generic credentials with the required privileges over that application?