Web authentication is a Layer 3 security feature that causes the controller to not allow IP traffic (except DHCP-related packets) from a particular client until that client has correctly supplied a valid username and password.  For information on how to configure a Cisco 4000 Series WLAN controller to support a web authentication client, refer to Wireless LAN Controller Web Authentication Configuration Example.

The way that Web authentication works is that it enables the controller management interface to complete a DNS query for the validity of the URL as users in the SSID try to access the Internet. If it is verified, the authorization page displays with the virtual interface IP address. After the user is successfully logged in, it then allows the original request to pass back to the client.

For proxy to work  make that DNS for the proxy server is reachable. If that doesn't fix check if upgrading the WLC fixes the issue.

For related questions and answers, refer to Wireless LAN Controller (WLC) Troubleshoot FAQ.