Are the CAS dashboard and CAS management server running on the same host? Is your DNS doing the wrong thing and you're connecting to localhost (127.0.0.1) instead of the interface where Tomcat is listening?
I would turn on some logging or tracing and verify that the IP/port your client is connecting to is the same one where the server is listening. -- DAVID A. CURRY, CISSP *DIRECTOR • INFORMATION SECURITY & PRIVACY* THE NEW SCHOOL • INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 646 909-4728 • [email protected] On Fri, Aug 30, 2019 at 7:30 AM Samuel GARÇON <[email protected]> wrote: > Hi Matthew, > > SSL cert used is valid util 21-Oct-20. > There is a firewall between the server and the client, but nothing is > blocked, and some services (CAS/SAML) are working. > > When i'm testing from the cas dashboard or from the cas-management web aps > the connection is refused. > But if i'm testing from a wordpress using cas, it's working > > - G Suite (SAML via SAML SP Integration) OK > - WordPress Auth (CAS) OK > - SalesForce (SAML via SAML SP Integration) NOK > - CAS Admin Dashboard (CAS) NOK > - CAS Management Web (CAS) NOK > > I'm using CAS 5.3.11. > > Thanks for your help, > > Sam > > Le vendredi 30 août 2019 12:46:31 UTC+2, Matthew Uribe a écrit : >> >> Just my initial thoughts: is there an expired SSL cert or a closed port >> in a firewall? The connection refused seems to indicate something possibly >> along those lines. >> >> On Fri, Aug 30, 2019, 3:23 AM Samuel GARÇON <[email protected]> wrote: >> >>> Hi, >>> >>> I'm sorry to post again, but i really need some help. >>> >>> Thanks, >>> >>> Sam >>> >>> Le jeudi 29 août 2019 18:11:25 UTC+2, Samuel GARÇON a écrit : >>>> >>>> Hi, >>>> >>>> After somme extensive debug, some services are working : >>>> >>>> - G Suite (SAML via SAML SP Integration) OK >>>> - WordPress Auth (CAS) OK >>>> - SalesForce (SAML via SAML SP Integration) NOK >>>> - CAS Admin Dashboard (CAS) NOK >>>> >>>> The problem seems to be located on the service validate side : >>>> >>>> 2019-08-29 18:08:50,183 ERROR [org.jasig.cas.client.util.CommonUtils] - >>>> <Error getting response from host: [ssp.emd-management.fr >>>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ssp.emd-2Dmanagement.fr&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=g87YygvNpseLKNH9RZs5u6goZegMUTtixPJ5R3X9AHU&e=>] >>>> with path: [/cas/p3/serviceValidate] and protocol: [https] Error Message: >>>> Connection refused (Connection refused)> >>>> >>>> >>>> Thanks for your help. >>>> >>>> Sam >>>> >>>> >>>> Le jeudi 29 août 2019 14:11:02 UTC+2, Samuel GARÇON a écrit : >>>>> >>>>> This issue is very problematic for me. >>>>> >>>>> So please find below more informations about my configuration >>>>> >>>>> - Directory used : AD >>>>> - No logon_hour are configured >>>>> >>>>> Thanks for your help :) >>>>> >>>>> Sam >>>>> >>>>> Le jeudi 29 août 2019 09:51:21 UTC+2, Samuel GARÇON a écrit : >>>>>> >>>>>> Hi, >>>>>> >>>>>> After rebooting my cas server, i can't accessing services. >>>>>> >>>>>> Authentification seems to be OK, but ticket granting seems to fail : >>>>>> >>>>>> Error: java.net.ConnectException: Connection refused (Connection refused) >>>>>> >>>>>> >>>>>> Your account is forbidden to login at this thime ( web broswer header) >>>>>> >>>>>> Any ideas ? >>>>>> >>>>>> Thanks, >>>>>> >>>>> -- >>> - Website: https://apereo.github.io/cas >>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__apereo.github.io_cas&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=zE3Ct49Q_3MrYuBuXNvaPWBo4AoGjmJkgjBGdRE7VQE&e=> >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__gitter.im_apereo_cas&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=2Pek80yDCBI9EL8eq-9CUtIXLMTUKaATUIzkNSJ4OC4&e=> >>> - List Guidelines: https://goo.gl/1VRrw7 >>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__goo.gl_1VRrw7&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=9PZDmIVK7jFBzUB93HKB6SfKi8DFTvV5ngu7rISGhYo&e=> >>> - Contributions: https://goo.gl/mh7qDG >>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__goo.gl_mh7qDG&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=c-hY__4t0Ioj2qGJlCYhStVWBV4oIIOnHTJsVW_zj3M&e=> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0a8ace89-f67f-4e25-ae99-955909bed2a9%40apereo.org >>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__groups.google.com_a_apereo.org_d_msgid_cas-2Duser_0a8ace89-2Df67f-2D4e25-2Dae99-2D955909bed2a9-2540apereo.org-3Futm-5Fmedium-3Demail-26utm-5Fsource-3Dfooter&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=l0gUyxc5Mbaaks948YqCTjihR8gI5hiB12iGowqeAFQ&e=> >>> . >>> >> -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/6abb7c4f-bf14-4588-b99c-3fca2637a3bc%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6abb7c4f-bf14-4588-b99c-3fca2637a3bc%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOWGh1abi8pTEZUhSMBrQZBiQzkN8eUJYW6kEVL-GfDow%40mail.gmail.com.
