Two things need to happen for this issue to occur :
1. The OCS (web server) needs to require authentication
2. The request matches a rule on the ProxySG that bypasses authentication, either in the visual policy manager, or the local policy file
The behavior of the standard "Do not authenticate" action was changed, it will not pass credentials over to the OCS like it used to. That causes the proxy to forward the request without the username/password entered by the user.
The fix for this is to change the action on the policy rule(s).
For VPM rules, open the visual policy manager and go through the different layers and look for rules with an action called "Do not authenticate". Right-click on the action object, click "Set...", and choose "Do not authenticate (Forward Credentials)
If you use a local or central policy file, edit those files and replace the standard action "authenticate(no)" with the new one which is "authenticate(no, upstream_authentication)".
With the modifications in place, the proxy will forward the credentials over to the OCS and the authentication problem should be resolved.
Please refer to the Configuration and Management Guide if you need assistance modifying your VPM or local policy.