OK, after spending way too much time trying to work out what was wrong in my CAS config, I have found the cause (but not the solution yet).
We have a practice of deploying all web applications on IIS; I therefore have IIS sitting in front of CAS, using the Tomcat ISAPI redirector to pass the requests to Tomcat. The 401 error I was seeing is the standard IIS 401 page; checking the IIS logs, this has a substatus of 5, which means the 401 has come from Tomcat. As a simple test I re-enabled port 8080 on Tomcat and tested directly against Tomcat, and the failed logins work as expected, with an 'Invalid credentials' message displayed on the login page. I am guessing that IIS is blocking CAS from handling the 401 error in some way which I have yet to figure out...
