Tracked this down to a credential store. Our configuration uses LDAP as
primary, with legacy Kerberos (via JAAS) as fallback (to go away some day).
Authentication usually fails through to Kerberos because of bad passwords. On
rare occasion the user doesn’t have LDAP credentials.
Turning everyth
Running CAS 4.2.6 on Linux (Oracle/RedHat Linux 7, VM, one “CPU") w/
LDAP(tive) AuthN, Oracle Java 8, Tomcat 8(.0.33) fronted by Apache httpd 2.4
via AJP.
The AJP connector is (somewhat arbitrarily) set to a 20-second response timeout.
Seeing occasional 500 errors returned on POST, with corres
