So I reviewed my changes to date.
I had made a change to fix the ubiquitous problem:
ID3206: A signin response may only redirect within the current web application
If you have played with WIF, you will have seen this particular problem.
The solution is BTW:
Add this to the global.asax:

    private void Application_BeginRequest(object sender, EventArgs e)
    {
        // If the request is for the bare application path (no trailing slash), redirect to the same path with "/" appended.
        if (String.Compare(Request.Path, Request.ApplicationPath, StringComparison.InvariantCultureIgnoreCase) == 0 && !(Request.Path.EndsWith("/")))
            Response.Redirect(Request.Path + "/");
    }

This seemed to have fixed the bug but then introduced another - the dreaded slippery slope.
After googling around, I found the problem.
In my ADFS RP, I had configured the endpoint without a trailing slash.
Added the missing "/" and all was well.