If your proxy is using SPNEGO+Kerberos then you should be able to leverage Kerberos auth. You’ll still need to supply http.proxyUser and http.proxyPassword (they’ll be ignored) for us to configuration proxy authentication but I see no reason why Kerberos auth wouldn’t work.