We have found a way for this to work, but it isn't ideal.
Go to the Web interface, Management, then HTTP. Enable HTTP and disable HTTPS, hit apply.
Log back in via HTTP. Save config, then reboot the WLC.
Once it completes the reboot, assuming the WLAN is already configured for web passthrough, the redirect you get on a guest client goes to HTTP://1.1.1.1/login.html instead of HTTPS://1.1.1.1/login.html ...
However, now the administrative web interface is only available in the "HTTP" flavor, not via HTTPS...
Anyone know of a way to get our desired outcome of using HTTP for the web passthrough, while still retaining HTTPS for management???
Thanks,
Paul