Same result from the cas log file :
2019-08-30 13:50:37,100 DEBUG [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - <Current authentication via ticket [TGT-1-********************************************************V1sq-ij6t4EL-APP-2] allows service [https://ssp.emd-management.fr/cas-management/manage.html] to participate in the existing SSO session> 2019-08-30 13:50:37,101 DEBUG [org.apereo.cas.ticket.factory.DefaultServiceTicketFactory] - <Looking up service ticket id generator for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl]> 2019-08-30 13:50:37,102 DEBUG [org.apereo.cas.ticket.factory.DefaultServiceTicketFactory] - <Attempting to encode service ticket [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2]> 2019-08-30 13:50:37,103 DEBUG [org.apereo.cas.ticket.factory.DefaultServiceTicketFactory] - <Encoded service ticket id [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2]> 2019-08-30 13:50:37,103 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoding ticket [TGT-1-********************************************************V1sq-ij6t4EL-APP-2]> 2019-08-30 13:50:37,104 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded original ticket id [TGT-1-********************************************************V1sq-ij6t4EL-APP-2] to [71ffb9688b462aa1bbbe6f2c5fd703f195024b44510af78f67759dec125027bb87352535537c64134e2a2056610d5ede4e9dcc217fa5a078d65b6ac36cf898d7]> 2019-08-30 13:50:37,104 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Created encoded ticket [EncodedTicket(id=71ffb9688b462aa1bbbe6f2c5fd703f195024b44510af78f67759dec125027bb87352535537c64134e2a2056610d5ede4e9dcc217fa5a078d65b6ac36cf898d7)]> 2019-08-30 13:50:37,105 DEBUG [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - <Added ticket [TGT-1-********************************************************V1sq-ij6t4EL-APP-2] to registry.> 2019-08-30 13:50:37,105 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoding ticket [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2]> 2019-08-30 13:50:37,106 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded original ticket id [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2] to [5ce1d485a22d1617783c456a96cd0224851fd7379b2ae6d2308c1faa87664b73f146b352263e7980eebfaf935ba28cfef36bcff836caeb4cac1346d71452b05c]> 2019-08-30 13:50:37,106 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Created encoded ticket [EncodedTicket(id=5ce1d485a22d1617783c456a96cd0224851fd7379b2ae6d2308c1faa87664b73f146b352263e7980eebfaf935ba28cfef36bcff836caeb4cac1346d71452b05c)]> 2019-08-30 13:50:37,107 DEBUG [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - <Added ticket [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2] to registry.> 2019-08-30 13:50:37,107 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted ticket [ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2] for service [https://ssp.emd-management.fr/cas-management/manage.html] and principal [samuel.garcon]> 2019-08-30 13:50:37,108 DEBUG [org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing [CasServiceTicketGrantedEvent(ticketGrantingTicket=TGT-1-********************************************************V1sq-ij6t4EL-APP-2, serviceTicket=ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2)]> 2019-08-30 13:50:37,108 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: samuel.garcon WHAT: ST-16-bmk9P7VdByg7bhIWEAumssfID20L-APP-2 for https://ssp.emd-management.fr/cas-management/manage.html ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Fri Aug 30 13:50:37 CEST 2019 CLIENT IP ADDRESS: 172.16.9.25 SERVER IP ADDRESS: 192.168.200.11 ============================================================= 2019-08-30 13:52:12,289 ERROR [org.jasig.cas.client.util.CommonUtils] - Error getting response from host: [ssp.emd-management.fr] with path: [/cas/p3/serviceValidate] and protocol: [https] Error Message: Connection refused (Connection refused) Le vendredi 30 août 2019 13:49:04 UTC+2, Samuel GARÇON a écrit : > > Hello David, > > The CAS Dashboard and the CAS Management are running on the same host. > The DNS is pointing on the CAS server : > > C:\Users\Samuel.GARCON>nslookup ssp.emd-management.fr > Server: w-app-1.emd-management.fr > Address: 172.16.17.3 > > Name: ssp.emd-management.fr > Address: 192.168.200.11 > > root@L-APP-2:/etc/cas/config# ifconfig > ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 > inet 192.168.200.11 netmask 255.255.255.0 broadcast > 192.168.200.255 > inet6 fe80::250:56ff:fe95:689b prefixlen 64 scopeid 0x20<link> > ether 00:50:56:95:68:9b txqueuelen 1000 (Ethernet) > RX packets 151921 bytes 27672266 (26.3 MiB) > RX errors 0 dropped 19 overruns 0 frame 0 > TX packets 134584 bytes 171085379 (163.1 MiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > Thanks, > > Sam > > Le vendredi 30 août 2019 13:38:31 UTC+2, David Curry a écrit : >> >> Are the CAS dashboard and CAS management server running on the same host? >> Is your DNS doing the wrong thing and you're connecting to localhost >> (127.0.0.1) instead of the interface where Tomcat is listening? >> >> I would turn on some logging or tracing and verify that the IP/port your >> client is connecting to is the same one where the server is listening. >> >> -- >> >> DAVID A. CURRY, CISSP >> *DIRECTOR • INFORMATION SECURITY & PRIVACY* >> THE NEW SCHOOL • INFORMATION TECHNOLOGY >> >> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 >> +1 646 909-4728 • [email protected] >> >> >> On Fri, Aug 30, 2019 at 7:30 AM Samuel GARÇON <[email protected]> >> wrote: >> >>> Hi Matthew, >>> >>> SSL cert used is valid util 21-Oct-20. >>> There is a firewall between the server and the client, but nothing is >>> blocked, and some services (CAS/SAML) are working. >>> >>> When i'm testing from the cas dashboard or from the cas-management web >>> aps the connection is refused. >>> But if i'm testing from a wordpress using cas, it's working >>> >>> - G Suite (SAML via SAML SP Integration) OK >>> - WordPress Auth (CAS) OK >>> - SalesForce (SAML via SAML SP Integration) NOK >>> - CAS Admin Dashboard (CAS) NOK >>> - CAS Management Web (CAS) NOK >>> >>> I'm using CAS 5.3.11. >>> >>> Thanks for your help, >>> >>> Sam >>> >>> Le vendredi 30 août 2019 12:46:31 UTC+2, Matthew Uribe a écrit : >>>> >>>> Just my initial thoughts: is there an expired SSL cert or a closed port >>>> in a firewall? The connection refused seems to indicate something possibly >>>> along those lines. >>>> >>>> On Fri, Aug 30, 2019, 3:23 AM Samuel GARÇON <[email protected]> >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> I'm sorry to post again, but i really need some help. >>>>> >>>>> Thanks, >>>>> >>>>> Sam >>>>> >>>>> Le jeudi 29 août 2019 18:11:25 UTC+2, Samuel GARÇON a écrit : >>>>>> >>>>>> Hi, >>>>>> >>>>>> After somme extensive debug, some services are working : >>>>>> >>>>>> - G Suite (SAML via SAML SP Integration) OK >>>>>> - WordPress Auth (CAS) OK >>>>>> - SalesForce (SAML via SAML SP Integration) NOK >>>>>> - CAS Admin Dashboard (CAS) NOK >>>>>> >>>>>> The problem seems to be located on the service validate side : >>>>>> >>>>>> 2019-08-29 18:08:50,183 ERROR [org.jasig.cas.client.util.CommonUtils] >>>>>> - <Error getting response from host: [ssp.emd-management.fr >>>>>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ssp.emd-2Dmanagement.fr&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=g87YygvNpseLKNH9RZs5u6goZegMUTtixPJ5R3X9AHU&e=>] >>>>>> >>>>>> with path: [/cas/p3/serviceValidate] and protocol: [https] Error >>>>>> Message: >>>>>> Connection refused (Connection refused)> >>>>>> >>>>>> >>>>>> Thanks for your help. >>>>>> >>>>>> Sam >>>>>> >>>>>> >>>>>> Le jeudi 29 août 2019 14:11:02 UTC+2, Samuel GARÇON a écrit : >>>>>>> >>>>>>> This issue is very problematic for me. >>>>>>> >>>>>>> So please find below more informations about my configuration >>>>>>> >>>>>>> - Directory used : AD >>>>>>> - No logon_hour are configured >>>>>>> >>>>>>> Thanks for your help :) >>>>>>> >>>>>>> Sam >>>>>>> >>>>>>> Le jeudi 29 août 2019 09:51:21 UTC+2, Samuel GARÇON a écrit : >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> After rebooting my cas server, i can't accessing services. >>>>>>>> >>>>>>>> Authentification seems to be OK, but ticket granting seems to fail : >>>>>>>> >>>>>>>> Error: java.net.ConnectException: Connection refused (Connection >>>>>>>> refused) >>>>>>>> >>>>>>>> >>>>>>>> Your account is forbidden to login at this thime ( web broswer >>>>>>>> header) >>>>>>>> >>>>>>>> Any ideas ? >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>> -- >>>>> - Website: https://apereo.github.io/cas >>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__apereo.github.io_cas&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=zE3Ct49Q_3MrYuBuXNvaPWBo4AoGjmJkgjBGdRE7VQE&e=> >>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__gitter.im_apereo_cas&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=2Pek80yDCBI9EL8eq-9CUtIXLMTUKaATUIzkNSJ4OC4&e=> >>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__goo.gl_1VRrw7&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=9PZDmIVK7jFBzUB93HKB6SfKi8DFTvV5ngu7rISGhYo&e=> >>>>> - Contributions: https://goo.gl/mh7qDG >>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__goo.gl_mh7qDG&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=c-hY__4t0Ioj2qGJlCYhStVWBV4oIIOnHTJsVW_zj3M&e=> >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "CAS Community" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0a8ace89-f67f-4e25-ae99-955909bed2a9%40apereo.org >>>>> >>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__groups.google.com_a_apereo.org_d_msgid_cas-2Duser_0a8ace89-2Df67f-2D4e25-2Dae99-2D955909bed2a9-2540apereo.org-3Futm-5Fmedium-3Demail-26utm-5Fsource-3Dfooter&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=auWoa16BPqAWqsx-0-lnCDVAVu-ZWi_vyIfKhfMtR_E&m=YZINWTVJE30_D-3MuipKkxIVSwlepv1keWK7XfgkfvU&s=l0gUyxc5Mbaaks948YqCTjihR8gI5hiB12iGowqeAFQ&e=> >>>>> . >>>>> >>>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6abb7c4f-bf14-4588-b99c-3fca2637a3bc%40apereo.org >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6abb7c4f-bf14-4588-b99c-3fca2637a3bc%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1d80d60e-0d07-4fe4-91ff-95bb060a4d1e%40apereo.org.
