You need to figure out why this:

2019-08-30 13:52:12,289 ERROR [org.jasig.cas.client.util.CommonUtils] - Error getting response from host: [ssp.emd-management.fr] with path: [/cas/p3/serviceValidate] and protocol: [https] Error Message: Connection refused (Connection refused)

is happening. Something somewhere is telling the host that this message appears on that it cannot connect to ssp.emd-management.fr with https. Could be it's connecting to the wrong port (443 instead of 8443, or 8080 instead of 8443, or something), or could be it's connecting to the wrong IP, or could be there's a firewall in the way, or could be you don't have the operating system firewall's port(s) opened, or....

The fact that you're getting a connection refused and not a connection timeout suggests that the packets are reaching the destination (ssp.emd-management.fr) and then it's turning them away. I would start there and see what's happening.

--

DAVID A. CURRY, CISSP
*DIRECTOR • INFORMATION SECURITY & PRIVACY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu

On Fri, Aug 30, 2019 at 7:52 AM Samuel GARÇON <samuel.garcon....@gmail.com> wrote:

> Same result from the cas log file :
>
>
> 2019-08-30 13:50:37,100 DEBUG [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - <Current authentication via ticket [TGT-1-********************************************************V1sq-ij6t4EL-APP-2] allows service [https://ssp.emd-management.fr/cas-management/manage.html] to participate in the existing SSO session>
> 2019-08-30 13:50:37,101 DEBUG [org.apereo.cas.ticket.factory.DefaultServiceTicketFactory] - <Looking up service ticket id generator for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl]>
> 2019-08-30 13:50:37,102 DEBUG [org.apereo.cas.ticket.factory.DefaultServiceTicketFactory] - <Attempting to encode service ticket [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2]>
> 2019-08-30 13:50:37,103 DEBUG [org.apereo.cas.ticket.factory.DefaultServiceTicketFactory] - <Encoded service ticket id [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2]>
> 2019-08-30 13:50:37,103 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoding ticket [TGT-1-********************************************************V1sq-ij6t4EL-APP-2]>
> 2019-08-30 13:50:37,104 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded original ticket id [TGT-1-********************************************************V1sq-ij6t4EL-APP-2] to [71ffb9688b462aa1bbbe6f2c5fd703f195024b44510af78f67759dec125027bb87352535537c64134e2a2056610d5ede4e9dcc217fa5a078d65b6ac36cf898d7]>
> 2019-08-30 13:50:37,104 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Created encoded ticket [EncodedTicket(id=71ffb9688b462aa1bbbe6f2c5fd703f195024b44510af78f67759dec125027bb87352535537c64134e2a2056610d5ede4e9dcc217fa5a078d65b6ac36cf898d7)]>
> 2019-08-30 13:50:37,105 DEBUG [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - <Added ticket [TGT-1-********************************************************V1sq-ij6t4EL-APP-2] to registry.>
> 2019-08-30 13:50:37,105 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoding ticket [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2]>
> 2019-08-30 13:50:37,106 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded original ticket id [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2] to [5ce1d485a22d1617783c456a96cd0224851fd7379b2ae6d2308c1faa87664b73f146b352263e7980eebfaf935ba28cfef36bcff836caeb4cac1346d71452b05c]>
> 2019-08-30 13:50:37,106 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Created encoded ticket [EncodedTicket(id=5ce1d485a22d1617783c456a96cd0224851fd7379b2ae6d2308c1faa87664b73f146b352263e7980eebfaf935ba28cfef36bcff836caeb4cac1346d71452b05c)]>
> 2019-08-30 13:50:37,107 DEBUG [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - <Added ticket [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2] to registry.>
> 2019-08-30 13:50:37,107 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted ticket [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2] for service [https://ssp.emd-management.fr/cas-management/manage.html] and principal [samuel.garcon]>
> 2019-08-30 13:50:37,108 DEBUG [org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing [CasServiceTicketGrantedEvent(ticketGrantingTicket=TGT-1-********************************************************V1sq-ij6t4EL-APP-2, serviceTicket=ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2)]>
> 2019-08-30 13:50:37,108 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: samuel.garcon
> WHAT: ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2 for https://ssp.emd-management.fr/cas-management/manage.html
> ACTION: SERVICE_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Fri Aug 30 13:50:37 CEST 2019
> CLIENT IP ADDRESS: 172.16.9.25
> SERVER IP ADDRESS: 192.168.200.11
> =============================================================
>
>
> 2019-08-30 13:52:12,289 ERROR [org.jasig.cas.client.util.CommonUtils] - Error getting response from host: [ssp.emd-management.fr] with path: [/cas/p3/serviceValidate] and protocol: [https] Error Message: Connection refused (Connection refused)
>
>
> On Friday, 30 August 2019 at 13:49:04 UTC+2, Samuel GARÇON wrote:
>>
>> Hello David,
>>
>> The CAS Dashboard and the CAS Management are running on the same host.
>> The DNS is pointing to the CAS server :
>>
>> C:\Users\Samuel.GARCON>nslookup ssp.emd-management.fr
>> Server: w-app-1.emd-management.fr
>> Address: 172.16.17.3
>>
>> Name: ssp.emd-management.fr
>> Address: 192.168.200.11
>>
>> root@L-APP-2:/etc/cas/config# ifconfig
>> ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>         inet 192.168.200.11 netmask 255.255.255.0 broadcast 192.168.200.255
>>         inet6 fe80::250:56ff:fe95:689b prefixlen 64 scopeid 0x20<link>
>>         ether 00:50:56:95:68:9b txqueuelen 1000 (Ethernet)
>>         RX packets 151921 bytes 27672266 (26.3 MiB)
>>         RX errors 0 dropped 19 overruns 0 frame 0
>>         TX packets 134584 bytes 171085379 (163.1 MiB)
>>         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>
>> Thanks,
>>
>> Sam
>>
>> On Friday, 30 August 2019 at 13:38:31 UTC+2, David Curry wrote:
>>>
>>> Are the CAS dashboard and CAS management server running on the same host? Is your DNS doing the wrong thing and you're connecting to localhost (127.0.0.1) instead of the interface where Tomcat is listening?
>>>
>>> I would turn on some logging or tracing and verify that the IP/port your client is connecting to is the same one where the server is listening.
>>>
>>> --
>>>
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>> +1 646 909-4728 • david...@newschool.edu
>>>
>>>
>>> On Fri, Aug 30, 2019 at 7:30 AM Samuel GARÇON <samuel....@gmail.com> wrote:
>>>
>>>> Hi Matthew,
>>>>
>>>> SSL cert used is valid until 21-Oct-20.
>>>> There is a firewall between the server and the client, but nothing is blocked, and some services (CAS/SAML) are working.
>>>>
>>>> When I'm testing from the cas dashboard or from the cas-management web apps the connection is refused.
>>>> But if I'm testing from a wordpress using cas, it's working
>>>>
>>>> - G Suite (SAML via SAML SP Integration) OK
>>>> - WordPress Auth (CAS) OK
>>>> - SalesForce (SAML via SAML SP Integration) NOK
>>>> - CAS Admin Dashboard (CAS) NOK
>>>> - CAS Management Web (CAS) NOK
>>>>
>>>> I'm using CAS 5.3.11.
>>>>
>>>> Thanks for your help,
>>>>
>>>> Sam
>>>>
>>>> On Friday, 30 August 2019 at 12:46:31 UTC+2, Matthew Uribe wrote:
>>>>>
>>>>> Just my initial thoughts: is there an expired SSL cert or a closed port in a firewall? The connection refused seems to indicate something possibly along those lines.
>>>>>
>>>>> On Fri, Aug 30, 2019, 3:23 AM Samuel GARÇON <samuel....@gmail.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I'm sorry to post again, but I really need some help.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Sam
>>>>>>
>>>>>> On Thursday, 29 August 2019 at 18:11:25 UTC+2, Samuel GARÇON wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> After some extensive debug, some services are working :
>>>>>>>
>>>>>>> - G Suite (SAML via SAML SP Integration) OK
>>>>>>> - WordPress Auth (CAS) OK
>>>>>>> - SalesForce (SAML via SAML SP Integration) NOK
>>>>>>> - CAS Admin Dashboard (CAS) NOK
>>>>>>>
>>>>>>> The problem seems to be located on the service validate side :
>>>>>>>
>>>>>>> 2019-08-29 18:08:50,183 ERROR [org.jasig.cas.client.util.CommonUtils] - <Error getting response from host: [ssp.emd-management.fr] with path: [/cas/p3/serviceValidate] and protocol: [https] Error Message: Connection refused (Connection refused)>
>>>>>>>
>>>>>>>
>>>>>>> Thanks for your help.
>>>>>>>
>>>>>>> Sam
>>>>>>>
>>>>>>>
>>>>>>> On Thursday, 29 August 2019 at 14:11:02 UTC+2, Samuel GARÇON wrote:
>>>>>>>>
>>>>>>>> This issue is very problematic for me.
>>>>>>>>
>>>>>>>> So please find below more information about my configuration
>>>>>>>>
>>>>>>>> - Directory used : AD
>>>>>>>> - No logon_hour are configured
>>>>>>>>
>>>>>>>> Thanks for your help :)
>>>>>>>>
>>>>>>>> Sam
>>>>>>>>
>>>>>>>> On Thursday, 29 August 2019 at 09:51:21 UTC+2, Samuel GARÇON wrote:
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> After rebooting my cas server, I can't access services.
>>>>>>>>>
>>>>>>>>> Authentication seems to be OK, but ticket granting seems to fail :
>>>>>>>>>
>>>>>>>>> Error: java.net.ConnectException: Connection refused (Connection refused)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Your account is forbidden to login at this time (web browser header)
>>>>>>>>>
>>>>>>>>> Any ideas ?
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>> --
>>>>>> - Website: https://apereo.github.io/cas
>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>>> ---
>>>>>> You received this message because you are subscribed to the Google Groups "CAS Community" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.
>>>>>> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0a8ace89-f67f-4e25-ae99-955909bed2a9%40apereo.org
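
The check suggested in the reply above (confirm which address and port the client is really connecting to, and tell a refusal from a timeout) can be scripted. This is an added example, not part of the thread: it parses the CAS client error line, resolves the logged host, and probes the default port for the protocol plus the alternatives 8443 and 8080 named in the reply; the function names are hypothetical.

```python
import re
import socket

# Format of the org.jasig.cas.client.util.CommonUtils error quoted in the thread.
LOG_RE = re.compile(
    r"Error getting response from host: \[(?P<host>[^\]]+)\] "
    r"with path: \[(?P<path>[^\]]+)\] and protocol: \[(?P<proto>[^\]]+)\]"
)
DEFAULT_PORTS = {"https": 443, "http": 80}


def parse_validation_error(line):
    """Return (host, path, protocol) from a CAS client error line, or None."""
    m = LOG_RE.search(line)
    return (m["host"], m["path"], m["proto"]) if m else None


def classify_connect(addr, port, timeout=3.0):
    """Make one TCP connection attempt and name the outcome."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "open"        # something accepts connections here
    except ConnectionRefusedError:
        return "refused"         # a reset came back: nothing listening, or a reject rule
    except socket.timeout:
        return "timeout"         # no answer at all: dropped on the way, or host down
    except OSError as exc:
        return f"error: {exc.strerror or exc}"


def triage(line, extra_ports=(8443, 8080), timeout=3.0):
    """Probe every address the logged host resolves to, on each candidate port."""
    parsed = parse_validation_error(line)
    if parsed is None:
        raise ValueError("not a CAS client validation error line")
    host, _path, proto = parsed
    ports = [DEFAULT_PORTS.get(proto, 443), *extra_ports]
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    addrs = sorted({info[4][0] for info in infos})
    return {(a, p): classify_connect(a, p, timeout) for a in addrs for p in ports}


if __name__ == "__main__":
    # Sample line copied from the thread; run this on the machine that logged it.
    sample = ("2019-08-30 13:52:12,289 ERROR [org.jasig.cas.client.util.CommonUtils] - "
              "Error getting response from host: [ssp.emd-management.fr] with path: "
              "[/cas/p3/serviceValidate] and protocol: [https] Error Message: "
              "Connection refused (Connection refused)")
    for (addr, port), outcome in triage(sample).items():
        print(f"{addr}:{port} -> {outcome}")
```

Run from the host that logged the error, the addresses in the result show what the name resolves to there, which can be compared with the interface the server listens on (192.168.200.11 in the thread).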