diff --git a/config-templates/config.php b/config-templates/config.php
index 8191be3d18759106d120187a1347ef6e41476454..ac1eca5d73c843d6dbc0de921389065e2cdef3e8 100644
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -824,6 +824,14 @@ $config = array(
 */
 'proxy' => null,
+
+ /*
+ * Username/password authentication to proxy (Proxy-Authorization: Basic)
+ * Example:
+ * 'proxy.auth' = 'myuser:password'
+ */
+ 'proxy.auth' => false
+
 /*
 * Array of domains that are allowed when generating links or redirections
 * to URLs. SimpleSAMLphp will use this option to determine whether to
diff --git a/docs/simplesamlphp-advancedfeatures.txt b/docs/simplesamlphp-advancedfeatures.txt
index 0a08b7410981b8748b1430efb8a364bacebd56bd..355e741b78610892e8e8357f5f233697b2a16ec0 100644
--- a/docs/simplesamlphp-advancedfeatures.txt
+++ b/docs/simplesamlphp-advancedfeatures.txt
@@ -64,6 +64,17 @@ Please see the [metarefresh documentation](simplesamlphp-automated_metadata).
+Using simpleSAMLphp on a web server requiring the use of a web proxy
+--------------------------------------------------------------------
+
+Some modules in simpleSAMLphp may require fetching HTTP/HTTPS content from external websites (e.g. the metarefresh module needs to fetch the metadata from an external source).
+
+simpleSAMLphp can be configured to send HTTP/S requests via such a proxy. The proxy can be configured in the config/config.php option "proxy". Should the proxy require authentication, this can be configured with "proxy.auth".
+
+The default is not to use a proxy ('proxy' = null) and no username and password are used ('proxy.auth' = false).
+
+
+
 Auth MemCookie
 --------------
diff --git a/lib/SimpleSAML/Utils/HTTP.php b/lib/SimpleSAML/Utils/HTTP.php
index 7aaa1977987efa1fd10b67d636136af3f2195430..ee588258166a3f014a8494cdc309d9906cdbf5eb 100644
--- a/lib/SimpleSAML/Utils/HTTP.php
+++ b/lib/SimpleSAML/Utils/HTTP.php
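Review bot: In config-templates/config.php the added `'proxy.auth' => false` entry has no trailing comma, and because the `$config` array appears to continue after the following comment block (the next entry is outside the hunk), the template will presumably fail to parse until it reads `'proxy.auth' => false,`. The example in the new comment also uses `=` where the array syntax needs `=>`, so someone pasting it gets a second parse error; `'proxy.auth' => 'myuser:password',` would be copyable. Since this option stores the proxy password in cleartext, the comment should also say that config.php must be readable only by the web server user and that Basic credentials are merely base64-encoded on the connection to the proxy.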
@@ -336,7 +336,8 @@ class HTTP
 /**
- * Helper function to retrieve a file or URL with proxy support.
+ * Helper function to retrieve a file or URL with proxy support, also
+ * supporting proxy basic authorization..
 *
 * An exception will be thrown if we are unable to retrieve the data.
 *
@@ -361,10 +362,14 @@ class HTTP
 $config = \SimpleSAML_Configuration::getInstance();
 $proxy = $config->getString('proxy', null);
+ $proxy_auth = $config->getString('proxy.auth', false);
 if ($proxy !== null) {
 if (!isset($context['http']['proxy'])) {
 $context['http']['proxy'] = $proxy;
 }
+ if ($proxy_auth !== false) {
+ $context['http']['header'] = "Proxy-Authorization: Basic".base64_encode($proxy_auth);
+ }
 if (!isset($context['http']['request_fulluri'])) {
 $context['http']['request_fulluri'] = true;
 }
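Review bot: The added `Proxy-Authorization` assignment in the second HTTP.php hunk builds a malformed header and discards caller headers. There is no space between `Basic` and the base64 value, so the scheme name is fused to the credential and an authenticating proxy is unlikely to accept it. The assignment also unconditionally replaces `$context['http']['header']`, unlike the `proxy` and `request_fulluri` defaults beside it, which are guarded by `isset`, so any headers the caller supplied are silently dropped. The change below adds the separator and appends to an existing header value, whether it is a string or an array. The enclosing function starts and ends outside the hunk, so how callers populate `$context` should be checked there.

```php
// … unchanged: config lookup and $context['http']['proxy'] default …
if ($proxy_auth !== false) {
    $authHeader = "Proxy-Authorization: Basic ".base64_encode($proxy_auth);
    if (!isset($context['http']['header'])) {
        $context['http']['header'] = $authHeader;
    } elseif (is_array($context['http']['header'])) {
        $context['http']['header'][] = $authHeader;
    } else {
        $context['http']['header'] = rtrim($context['http']['header'], "\r\n")."\r\n".$authHeader;
    }
}
// … unchanged: request_fulluri default …
```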