Hello everyone and thank you for your feedback.
I made a gross mistake of not looking at all Tomcat logs. I only came to catalina.log thinking that all the traces were there. Last night after reading your returns, I took a look in tomcat8-stdout.2017-02-08.log and there ban i see :
2017-02-08 12:48:02,739 DEBUG [org.pac4j.core.engine.J2ERenewSessionCallbackLogic] - <client: #CasClient# | callbackUrl:
https://cas.mgmt:8443/callback?client_name=CasClient | configuration: #CasConfiguration# | loginUrl:
https://cas.server:8443/login | prefixUrl:
https://cas.server:8443/ | protocol: CAS30 | renew: false | gateway: false | encoding: UTF-8 | logoutHandler: org.pac4j.cas.logout.CasSingleSignOutHandler@1cec1ab8 | acceptAnyProxy: false | allowedProxyChains: [] | proxyReceptor: null | timeTolerance: 1000 | |>
2017-02-08 12:48:02,739 DEBUG [org.pac4j.cas.credentials.extractor.TicketAndLogoutRequestExtractor] - <casCredentials: #TokenCredentials# | token: ST-8-qvCl1FXsvQVHKtvcyyvp-MW7Dkmzd | clientName: CasClient |>
2017-02-08 12:48:02,774 ERROR [org.jasig.cas.client.util.CommonUtils] - <java.security.cert.CertificateException: No name matching cas.server found>
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching cas.server found
at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[?:1.8.0_77]
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[?:1.8.0_77]
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[?:1.8.0_77]
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[?:1.8.0_77]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:1.8.0_77]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.5.9]
at java.lang.Thread.run(Unknown Source) [?:1.8.0_77]
Caused by: java.security.cert.CertificateException: No name matching cas.server found
at sun.security.util.HostnameChecker.matchDNS(Unknown Source) ~[?:1.8.0_77]
at sun.security.util.HostnameChecker
I will then generate other keystores in agreement with my hostnames and continue my POC. I keep you informed of the outcome. It may be useful for other people in the same situation.
A big thank to you. Very good job on Cas Server and Cas Services Management.