Same result from the cas log file :
2019-08-30 13:50:37,100 DEBUG [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - <Current authentication via ticket [TGT-1-********************************************************V1sq-ij6t4EL-APP-2] allows service [https://ssp.emd-management.fr/cas-management/manage.html] to participate in the existing SSO session> 2019-08-30 13:50:37,101 DEBUG [org.apereo.cas.ticket.factory.DefaultServiceTicketFactory] - <Looking up service ticket id generator for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl]> 2019-08-30 13:50:37,102 DEBUG [org.apereo.cas.ticket.factory.DefaultServiceTicketFactory] - <Attempting to encode service ticket [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2]> 2019-08-30 13:50:37,103 DEBUG [org.apereo.cas.ticket.factory.DefaultServiceTicketFactory] - <Encoded service ticket id [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2]> 2019-08-30 13:50:37,103 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoding ticket [TGT-1-********************************************************V1sq-ij6t4EL-APP-2]> 2019-08-30 13:50:37,104 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded original ticket id [TGT-1-********************************************************V1sq-ij6t4EL-APP-2] to [71ffb9688b462aa1bbbe6f2c5fd703f195024b44510af78f67759dec125027bb87352535537c64134e2a2056610d5ede4e9dcc217fa5a078d65b6ac36cf898d7]> 2019-08-30 13:50:37,104 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Created encoded ticket [EncodedTicket(id=71ffb9688b462aa1bbbe6f2c5fd703f195024b44510af78f67759dec125027bb87352535537c64134e2a2056610d5ede4e9dcc217fa5a078d65b6ac36cf898d7)]> 2019-08-30 13:50:37,105 DEBUG [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - <Added ticket [TGT-1-********************************************************V1sq-ij6t4EL-APP-2] to registry.> 2019-08-30 13:50:37,105 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoding ticket [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2]> 2019-08-30 13:50:37,106 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded original ticket id [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2] to [5ce1d485a22d1617783c456a96cd0224851fd7379b2ae6d2308c1faa87664b73f146b352263e7980eebfaf935ba28cfef36bcff836caeb4cac1346d71452b05c]> 2019-08-30 13:50:37,106 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Created encoded ticket [EncodedTicket(id=5ce1d485a22d1617783c456a96cd0224851fd7379b2ae6d2308c1faa87664b73f146b352263e7980eebfaf935ba28cfef36bcff836caeb4cac1346d71452b05c)]> 2019-08-30 13:50:37,107 DEBUG [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - <Added ticket [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2] to registry.> 2019-08-30 13:50:37,107 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted ticket [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2] for service [https://ssp.emd-management.fr/cas-management/manage.html] and principal [samuel.garcon]> 2019-08-30 13:50:37,108 DEBUG [org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing [CasServiceTicketGrantedEvent(ticketGrantingTicket=TGT-1-********************************************************V1sq-ij6t4EL-APP-2, serviceTicket=ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2)]> 2019-08-30 13:50:37,108 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: samuel.garcon WHAT: ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2 for https://ssp.emd-management.fr/cas-management/manage.html ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Fri Aug 30 13:50:37 CEST 2019 CLIENT IP ADDRESS: 172.16.9.25 SERVER IP ADDRESS: 192.168.200.11 ============================================================= 2019-08-30 13:52:12,289 ERROR [org.jasig.cas.client.util.CommonUtils] - Error getting response from host: [ssp.emd-management.fr] with path: [/cas/p3/serviceValidate] and protocol: [https] Error Message: Connection refused (Connection refused) Le vendredi 30 août 2019 13:49:04 UTC+2, Samuel GARÇON a écrit : > > Hello David, > > The CAS Dashboard and the CAS Management are running on the same host. > The DNS is pointing on the CAS server : > > C:\Users\Samuel.GARCON>nslookup ssp.emd-management.fr > Server: w-app-1.emd-management.fr > Address: 172.16.17.3 > > Name: ssp.emd-management.fr > Address: 192.168.200.11 > > root@L-APP-2:/etc/cas/config# ifconfig > ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 > inet 192.168.200.11 netmask 255.255.255.0 broadcast > 192.168.200.255 > inet6 fe80::250:56ff:fe95:689b prefixlen 64 scopeid 0x20<link> > ether 00:50:56:95:68:9b txqueuelen 1000 (Ethernet) > RX packets 151921 bytes 27672266 (26.3 MiB) > RX errors 0 dropped 19 overruns 0 frame 0 > TX packets 134584 bytes 171085379 (163.1 MiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > Thanks, > > Sam > > Le vendredi 30 août 2019 13:38:31 UTC+2, David Curry a écrit : >> >> Are the CAS dashboard and CAS management server running on the same host? >> Is your DNS doing the wrong thing and you're connecting to localhost >> (127.0.0.1) instead of the interface where Tomcat is listening? >> >> I would turn on some logging or tracing and verify that the IP/port your >> client is connecting to is the same one where the server is listening. >> >> -- >> >> DAVID A. CURRY, CISSP >> *DIRECTOR • INFORMATION SECURITY & PRIVACY* >> THE NEW SCHOOL • INFORMATION TECHNOLOGY >> >> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 >> +1 646 909-4728 • david...@newschool.edu >> >> >> On Fri, Aug 30, 2019 at 7:30 AM Samuel GARÇON <samuel....@gmail.com> >> wrote: >> >>> Hi Matthew, >>> >>> SSL cert used is valid util 21-Oct-20. >>> There is a firewall between the server and the client, but nothing is >>> blocked, and some services (CAS/SAML) are working. >>> >>> When i'm testing from the cas dashboard or from the cas-management web >>> aps the connection is refused. >>> But if i'm testing from a wordpress using cas, it's working >>> >>> - G Suite (SAML via SAML SP Integration) OK >>> - WordPress Auth (CAS) OK >>> - SalesForce (SAML via SAML SP Integration) NOK >>> - CAS Admin Dashboard (CAS) NOK >>> - CAS Management Web (CAS) NOK >>> >>> I'm using CAS 5.3.11. >>> >>> Thanks for your help, >>> >>> Sam >>> >>> Le vendredi 30 août 2019 12:46:31 UTC+2, Matthew Uribe a écrit : >>>> >>>> Just my initial thoughts: is there an expired SSL cert or a closed port >>>> in a firewall? The connection refused seems to indicate something possibly >>>> along those lines. >>>> >>>> On Fri, Aug 30, 2019, 3:23 AM Samuel GARÇON <samuel....@gmail.com> >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> I'm sorry to post again, but i really need some help. >>>>> >>>>> Thanks, >>>>> >>>>> Sam >>>>> >>>>> Le jeudi 29 août 2019 18:11:25 UTC+2, Samuel GARÇON a écrit : >>>>>> >>>>>> Hi, >>>>>> >>>>>> After somme extensive debug, some services are working : >>>>>> >>>>>> - G Suite (SAML via SAML SP Integration) OK >>>>>> - WordPress Auth (CAS) OK >>>>>> - SalesForce (SAML via SAML SP Integration) NOK >>>>>> - CAS Admin Dashboard (CAS) NOK >>>>>> >>>>>> The problem seems to be located on the service validate side : >>>>>> >>>>>> 2019-08-29 18:08:50,183 ERROR [org.jasig.cas.client.util.CommonUtils] >>>>>> - <Error getting response from host: [ssp.emd-management.fr >>>>>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ssp.emd-2Dmanagement.fr&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=g87YygvNpseLKNH9RZs5u6goZegMUTtixPJ5R3X9AHU&e=>] >>>>>> >>>>>> with path: [/cas/p3/serviceValidate] and protocol: [https] Error >>>>>> Message: >>>>>> Connection refused (Connection refused)> >>>>>> >>>>>> >>>>>> Thanks for your help. >>>>>> >>>>>> Sam >>>>>> >>>>>> >>>>>> Le jeudi 29 août 2019 14:11:02 UTC+2, Samuel GARÇON a écrit : >>>>>>> >>>>>>> This issue is very problematic for me. >>>>>>> >>>>>>> So please find below more informations about my configuration >>>>>>> >>>>>>> - Directory used : AD >>>>>>> - No logon_hour are configured >>>>>>> >>>>>>> Thanks for your help :) >>>>>>> >>>>>>> Sam >>>>>>> >>>>>>> Le jeudi 29 août 2019 09:51:21 UTC+2, Samuel GARÇON a écrit : >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> After rebooting my cas server, i can't accessing services. >>>>>>>> >>>>>>>> Authentification seems to be OK, but ticket granting seems to fail : >>>>>>>> >>>>>>>> Error: java.net.ConnectException: Connection refused (Connection >>>>>>>> refused) >>>>>>>> >>>>>>>> >>>>>>>> Your account is forbidden to login at this thime ( web broswer >>>>>>>> header) >>>>>>>> >>>>>>>> Any ideas ? >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>> -- >>>>> - Website: https://apereo.github.io/cas >>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__apereo.github.io_cas&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=zE3Ct49Q_3MrYuBuXNvaPWBo4AoGjmJkgjBGdRE7VQE&e=> >>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__gitter.im_apereo_cas&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=2Pek80yDCBI9EL8eq-9CUtIXLMTUKaATUIzkNSJ4OC4&e=> >>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__goo.gl_1VRrw7&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=9PZDmIVK7jFBzUB93HKB6SfKi8DFTvV5ngu7rISGhYo&e=> >>>>> - Contributions: https://goo.gl/mh7qDG >>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__goo.gl_mh7qDG&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=c-hY__4t0Ioj2qGJlCYhStVWBV4oIIOnHTJsVW_zj3M&e=> >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "CAS Community" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to cas-...@apereo.org. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0a8ace89-f67f-4e25-ae99-955909bed2a9%40apereo.org >>>>> >>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__groups.google.com_a_apereo.org_d_msgid_cas-2Duser_0a8ace89-2Df67f-2D4e25-2Dae99-2D955909bed2a9-2540apereo.org-3Futm-5Fmedium-3Demail-26utm-5Fsource-3Dfooter&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=l0gUyxc5Mbaaks948YqCTjihR8gI5hiB12iGowqeAFQ&e=> >>>>> . >>>>> >>>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas-...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6abb7c4f-bf14-4588-b99c-3fca2637a3bc%40apereo.org >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6abb7c4f-bf14-4588-b99c-3fca2637a3bc%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1d80d60e-0d07-4fe4-91ff-95bb060a4d1e%40apereo.org.