connection refused after successfull authentication

[Antoine Wils]

I am trying to demo SSO with CAS as a SAML2 IdP.
I am running cas-overlay-template 5.1.6.

Custom dependencies:

        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-saml-idp</artifactId>
            <version>${cas.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-json-service-registry</artifactId>
            <version>${cas.version}</version>
        </dependency>

        <dependency>
          <groupId>org.apereo.cas</groupId>
          <artifactId>cas-server-support-generic</artifactId>
          <version>${cas.version}</version>
        </dependency>

Related configuration properties

cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location=file:///etc/cas/services

cas.authn.samlIdp.entityId=https://mydomain:443/cas/idp
cas.authn.samlIdp.scope=mydomain

cas.authn.file.separator=::
cas.authn.file.filename=file:/etc/cas/config/password.txt
cas.authn.file.passwordEncoder.type=NONE

Relevant password file content

uone::uone
utwo::utwo

Error scenario:

1. SP send an authentication request to CAS IdP
1. 2017-12-19 10:01:46,779 INFO [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Received SAML profile request [/cas/idp/profile/SAML2/POST/SSO]>
2. ...
3. 2017-12-19 10:01:47,250 INFO [org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSignatureValidator] - <Successfully validated the request signature.>
4. 2017-12-19 10:01:47,420 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Built service callback url [https://mydomain:443/cas/idp/profile/SAML2/POST/SSO/Callback.+?entityId=urn%3Atest1%3Abics%3Abrussels&SAMLRequest=...
5. 2017-12-19 10:01:47,441 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Created service url [https://mydomain:443/cas/idp/profile/SAML2/POST/SSO/Callback.+?entityId=urn%3Atest1%3Abics%3Abrussels&SAMLRequest=...
6. 2017-12-19 10:01:47,443 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Redirecting SAML authN request to [https://mydomain:443/cas/login?service=https%3A%2F%2Fmydomain%3A443%2Fcas%2Fidp%2Fprofile%2FSAML2%2FPOST%2FSSO%2FCallback.%2B%3FentityId%3Durn%253Atest1%253Abics%253Abrussels%26SAMLRequest%3D...
7. ...
8. 2017-12-19 10:01:47,622 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
   =============================================================
   WHO: audit:unknown
   WHAT: [event=success,timestamp=Tue Dec 19 10:01:47 UTC 2017,source=RankedAuthenticationProviderWebflowEventResolver]
   ACTION: AUTHENTICATION_EVENT_TRIGGERED
   APPLICATION: CAS
   WHEN: Tue Dec 19 10:01:47 UTC 2017
   CLIENT IP ADDRESS: x.x.x.x
   SERVER IP ADDRESS: y.y.y.y
   =============================================================
   
2. the login page is presented
1. 2017-12-19 10:01:47,658 INFO [org.apereo.cas.support.saml.services.idpmetadata.SamlRegisteredServiceServiceProviderMetadataFacade] - <Adapting SAML metadata for CAS service [BICSTest1] issued by [urn:test1:bics:brussels]>
2. 2017-12-19 10:01:47,658 INFO [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade] - <Locating metadata for entityID [urn:test1:bics:brussels] with binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST] by attempting to run through the metadata chain...>
3. 2017-12-19 10:01:47,659 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.DefaultSamlRegisteredServiceCachingMetadataResolver] - <Resolving metadata for [BICSTest1] at [/etc/cas/sp/BICS/TEST1-BICS-BRUSSELS.xml].>
4. 2017-12-19 10:01:47,660 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.DefaultSamlRegisteredServiceCachingMetadataResolver] - <Loaded and cached SAML metadata [org.opensaml.saml.metadata.resolver.ChainingMetadataResolver] from [/etc/cas/sp/BICS/TEST1-BICS-BRUSSELS.xml] for [1440] minute(s)>
5. 2017-12-19 10:01:47,660 INFO [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade] - <Resolved metadata chain for service [urn:test1:bics:brussels]. Filtering the chain by entity ID [urn:test1:bics:brussels] and
6. binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST]>
7. 2017-12-19 10:01:47,661 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade] - <Located EntityDescriptor in metadata for [urn:test1:bics:brussels]>
8. 2017-12-19 10:01:47,661 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade] - <Located SPSSODescriptor in metadata for [urn:test1:bics:brussels]. Metadata is valid until [null]>
9. 2017-12-19 10:01:47,679 DEBUG [org.apereo.cas.support.saml.mdui.MetadataUIUtils] - <Locating SP SSO descriptor for SAML2 protocol...>
10. 2017-12-19 10:01:47,680 DEBUG [org.apereo.cas.support.saml.mdui.MetadataUIUtils] - <SP SSO descriptor resolved to be [org.opensaml.saml.saml2.metadata.impl.SPSSODescriptorImpl@5bf6b83b]>
11. 2017-12-19 10:01:47,680 DEBUG [org.apereo.cas.support.saml.mdui.MetadataUIUtils] - <No extensions in the SP SSO descriptor are found for [urn:oasis:names:tc:SAML:metadata:ui]>
12. 2017-12-19 10:01:47,786 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages_en] - neither plain properties nor XML>
13. 2017-12-19 10:01:47,793 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages] - neither plain properties nor XML>
14. 2017-12-19 10:01:47,795 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:messages_en] - neither plain properties nor XML>
15. 2017-12-19 10:01:47,797 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Re-caching properties for filename [classpath:messages] - file hasn't been modified>
16. the user 'uone' logs in
17. 2017-12-19 10:01:57,162 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Attempting authentication internally for transformed credential [uone]
18. 2017-12-19 10:01:57,164 DEBUG [org.apereo.cas.authentication.AbstractAuthenticationManager] - <Authentication handler [FileAuthenticationHandler] successfully authenticated [uone]>
    
19. 2017-12-19 10:01:57,165 DEBUG [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] - <Invoking principal resolver [org.apereo.cas.authentication.principal.resolvers.EchoingPrincipalResolver@2b01ee23[]]>
    
20. 2017-12-19 10:01:57,165 DEBUG [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] - <Resolved principal [uone]>
    
21. 2017-12-19 10:01:57,166 DEBUG [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] - <Final principal constructed by the chain of resolvers is [uone]>
    
22. 2017-12-19 10:01:57,167 DEBUG [org.apereo.cas.authentication.AbstractAuthenticationManager] - <[org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver@545a88d7[chain=[org.apereo.cas.authentication.principal.resolvers.EchoingPrincipalResolver@2b01ee23[]]]] resolved [uone] from [uone]>
23. 2017-12-19 10:01:57,168 DEBUG [org.apereo.cas.authentication.AbstractAuthenticationManager] - <Final principal resolved for this authentication event is [uone]>
24. 2017-12-19 10:01:57,172 DEBUG [org.apereo.cas.authentication.policy.AnyAuthenticationPolicy] - <Authentication policy is satisfied having found at least one authentication transactions>
    
25. 2017-12-19 10:01:57,173 INFO [org.apereo.cas.authentication.AbstractAuthenticationManager] - <Authenticated principal [uone] with attributes [{}] via credentials [[uone]].>
26. ...
27. 2017-12-19 10:01:57,176 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
    =============================================================
    WHO: uone
    WHAT: Supplied credentials: [uone]
    ACTION: AUTHENTICATION_SUCCESS
    APPLICATION: CAS
    WHEN: Tue Dec 19 10:01:57 UTC 2017
    CLIENT IP ADDRESS: x.x.x.x
    SERVER IP ADDRESS: y.y.y.y
    =============================================================
3. the user is authenticated
   
   
   1. 2017-12-19 10:01:57,176 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationTransactionManager] - <Successful authentication; Collecting authentication result [org.apereo.cas.authentication.DefaultAuthentication@d42e1d2c]>
   2. 2017-12-19 10:01:57,177 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Locating principal attributes for [uone]>
   3. 2017-12-19 10:01:57,177 DEBUG [org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository] - <[DefaultPrincipalAttributesRepository] will return the collection of attributes directly associated with the principal object which are [{}]>
   4. 2017-12-19 10:01:57,191 DEBUG [org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository] - <Could not find principal [uone] in the repository so no attributes are returned.>
   5. 2017-12-19 10:01:57,192 DEBUG [org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository] - <Found [0] attributes for principal [uone] from the attribute repository.>
   6. 2017-12-19 10:01:57,192 DEBUG [org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository] - <No merging strategy found, so attributes retrieved from the repository will be used instead.>
   7. 2017-12-19 10:01:57,194 DEBUG [org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository] - <Using [uone], no caching takes place for [DefaultPrincipalAttributesRepository] to add attributes.>
   8. 2017-12-19 10:01:57,194 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Found principal attributes [{}] for [uone]>
   9. 2017-12-19 10:01:57,195 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Calling attribute policy [ReturnAllowedAttributeReleasePolicy] to process attributes for [uone]>
   10. 2017-12-19 10:01:57,200 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Attribute policy [ReturnAllowedAttributeReleasePolicy] allows release of [{}] for [uone]>
   11. 2017-12-19 10:01:57,201 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Attempting to merge policy attributes and default attributes>
   12. 2017-12-19 10:01:57,201 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Checking default attribute policy attributes>
   13. 2017-12-19 10:01:57,201 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Located application context. Retrieving default attributes for release, if any>
   14. 2017-12-19 10:01:57,202 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Default attributes for release are: [[]]>
   15. 2017-12-19 10:01:57,203 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Default attributes found to be released are [{}]>
   16. 2017-12-19 10:01:57,203 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Adding default attributes first to the released set of attributes>
   17. 2017-12-19 10:01:57,203 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Adding policy attributes to the released set of attributes>
   18. 2017-12-19 10:01:57,203 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Final collection of attributes allowed are: [{}]>
   19. 2017-12-19 10:01:57,204 DEBUG [org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy] - <Skipping access strategy policy, since no attributes rules are defined>
   20. 2017-12-19 10:01:57,225 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
   21. ...
   22. 2017-12-19 10:01:57,478 DEBUG [org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing [org.apereo.cas.support.events.ticket.CasTicketGrantingTicketCreatedEvent@65f12b85[ticketGrantingTicket=TGT-**********************************************1af0eVKaBV-BICSJAVATEST001]]>
   23. 2017-12-19 10:01:57,488 DEBUG [org.apereo.cas.web.support.CookieRetrievingCookieGenerator] - <Creating cookie [TGC]>
   24. 2017-12-19 10:01:57,498 DEBUG [org.apereo.cas.web.support.TGCCookieRetrievingCookieGenerator] - <Added cookie with name [TGC] and value
   25. ...
   26. 
       
4. CAS redirects to https://mydomain:443/cas/idp/profile/SAML2/POST/SSO/Callback.+?entityId=...
1. 2017-12-19 10:01:57,521 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] - <Building an authentication result for authentication [org.apereo.cas.authentication.DefaultAuthentication@35dbf9ec] and service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@4d88a991[id=https://mydomain:443/cas/idp/profile/SAML2/POST/SSO/Callback.+?entityId=...
2. 2017-12-19 10:01:57,529 DEBUG [org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository] - <Could not find principal [uone] in the repository so no attributes are returned.>
   
3. 2017-12-19 10:01:57,529 DEBUG [org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository] - <Found [0] attributes for principal [uone] from the attribute repository.>
   
4. 2017-12-19 10:01:57,530 DEBUG [org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository] - <No merging strategy found, so attributes retrieved from the repository will be used instead.>
   
5. 2017-12-19 10:01:57,530 DEBUG [org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository] - <Using [uone], no caching takes place for [DefaultPrincipalAttributesRepository] to add attributes.>
   
6. 2017-12-19 10:01:57,530 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Found principal attributes [{}] for [uone]>
   
7. 2017-12-19 10:01:57,531 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Calling attribute policy [ReturnAllowedAttributeReleasePolicy] to process attributes for [uone]>
   
8. 2017-12-19 10:01:57,532 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Attribute policy [ReturnAllowedAttributeReleasePolicy] allows release of [{}] for [uone]>
   
9. 2017-12-19 10:01:57,532 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Attempting to merge policy attributes and default attributes>
   
10. 2017-12-19 10:01:57,533 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Checking default attribute policy attributes>
    
11. 2017-12-19 10:01:57,533 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Located application context. Retrieving default attributes for release, if any>
    
12. 2017-12-19 10:01:57,537 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Default attributes for release are: [[]]>
    
13. 2017-12-19 10:01:57,538 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Default attributes found to be released are [{}]>
    
14. 2017-12-19 10:01:57,539 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Adding default attributes first to the released set of attributes>
    
15. 2017-12-19 10:01:57,540 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Adding policy attributes to the released set of attributes>
    
16. 2017-12-19 10:01:57,540 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Final collection of attributes allowed are: [{}]>
    
17. 2017-12-19 10:01:57,541 DEBUG [org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy] - <Skipping access strategy policy, since no attributes rules are defined>
18. ...
    
19. 2017-12-19 10:01:57,570 DEBUG [org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing [org.apereo.cas.support.events.ticket.CasServiceTicketGrantedEvent@6113c265[ticketGrantingTicket=TGT-**********************************************1af0eVKaBV-BICSJAVATEST001,serviceTicket=ST-1-xyz-BICSJAVATEST001]]>
20. 2017-12-19 10:01:57,572 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
    =============================================================
    WHO: uone
    WHAT: ST-1-xyz-BICSJAVATEST001 for https://mydomain:443/cas/idp/profile/SAML2/POST/SSO/Callback.+?entityId=urn%3Atest1%3Abics%3Abrussels&SAMLRequest=...&RelayState
    ACTION: SERVICE_TICKET_CREATED
    APPLICATION: CAS
    WHEN: Tue Dec 19 10:01:57 UTC 2017
    CLIENT IP ADDRESS: x.x.x.x
    SERVER IP ADDRESS: y.y.y.y
    =============================================================
21. ...
    
22. 2017-12-19 10:02:04,143 INFO [org.apereo.cas.support.saml.web.idp.profile.sso.SSOPostProfileCallbackHandlerController] - <Received SAML callback profile request [/cas/idp/profile/SAML2/POST/SSO/Callback.+]>
23. 2017-12-19 10:02:04,143 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Retrieving authentication request from scope>
    
24. 2017-12-19 10:02:04,145 DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.SSOPostProfileCallbackHandlerController] - <RelayState is []>
25. 2017-12-19 10:02:04,190 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Built service callback url [https://mydomain:443/cas/idp/profile/SAML2/POST/SSO/Callback.+?entityId=urn%3Atest1%3Abics%3Abrussels&SAMLRequest=...&RelayState]>
26. 2017-12-19 10:02:04,190 DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.SSOPostProfileCallbackHandlerController] - <Created service url for validation: [https://mydomain:443/cas/idp/profile/SAML2/POST/SSO/Callback.+?entityId=urn%3Atest1%3Abics%3Abrussels&SAMLRequest=...&RelayState]>
27. 2017-12-19 10:02:04,222 ERROR [org.jasig.cas.client.util.CommonUtils] - <Connection refused>
    java.net.ConnectException: Connection refused
            at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:1.8.0_71]
            at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[?:1.8.0_71]
            at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[?:1.8.0_71]
            at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[?:1.8.0_71]
            at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:1.8.0_71]
            at java.net.Socket.connect(Socket.java:589) ~[?:1.8.0_71]
            at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:668) ~[?:1.8.0_71]
            at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:173) ~[?:1.8.0_71]
            at sun.net.NetworkClient.doConnect(NetworkClient.java:180) ~[?:1.8.0_71]
            at sun.net.www.http.HttpClient.openServer(HttpClient.java:432) ~[?:1.8.0_71]
            at sun.net.www.http.HttpClient.openServer(HttpClient.java:527) ~[?:1.8.0_71]
            at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264) ~[?:1.8.0_71]
            at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367) ~[?:1.8.0_71]
            at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191) ~[?:1.8.0_71]
            at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1105) ~[?:1.8.0_71]
            at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:999) ~[?:1.8.0_71]
            at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177) ~[?:1.8.0_71]
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513) ~[?:1.8.0_71]
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441) ~[?:1.8.0_71]
            at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) ~[?:1.8.0_71]
            at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:429) ~[cas-client-core-3.4.1.jar!/:3.4.1]
            at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41) ~[cas-client-core-3.4.1.jar!/:3.4.1]
            at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) ~[cas-client-core-3.4.1.jar!/:3.4.1]
            at org.apereo.cas.support.saml.web.idp.profile.sso.SSOPostProfileCallbackHandlerController.validateRequestAndBuildCasAssertion(SSOPostProfileCallbackHandlerController.java:175) ~[cas-server-support-saml-idp-5.1.6.jar!/:5.1.6]
            at org.apereo.cas.support.saml.web.idp.profile.sso.SSOPostProfileCallbackHandlerController.handleCallbackProfileRequest(SSOPostProfileCallbackHandlerController.java:136) ~[cas-server-support-saml-idp-5.1.6.jar!/:5.1.6]
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_71]
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_71]
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_71]
            at java.lang.reflect.Method.invoke(Method.java:497) ~[?:1.8.0_71]
            at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) ~[spring-aop-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) ~[spring-aop-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:741) ~[spring-aop-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) ~[spring-aop-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) ~[spring-aop-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673) ~[spring-aop-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.apereo.cas.support.saml.web.idp.profile.sso.SSOPostProfileCallbackHandlerController$$EnhancerBySpringCGLIB$$9a22d255.handleCallbackProfileRequest(<generated>) ~[cas-server-support-saml-idp-5.1.6.jar!/:5.1.6]
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_71]
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_71]
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_71]
            at java.lang.reflect.Method.invoke(Method.java:497) ~[?:1.8.0_71]
            at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) ~[spring-web-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133) ~[spring-web-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97) ~[spring-webmvc-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827) ~[spring-webmvc-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738) ~[spring-webmvc-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) ~[spring-webmvc-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967) ~[spring-webmvc-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901) ~[spring-webmvc-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) ~[spring-webmvc-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) ~[spring-webmvc-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:635) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) ~[spring-webmvc-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) ~[tomcat-embed-websocket-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apereo.cas.web.support.AuthenticationCredentialsLocalBinderClearingFilter.doFilter(AuthenticationCredentialsLocalBinderClearingFilter.java:28) ~[cas-server-core-web-5.1.6.jar!/:5.1.6]
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261) ~[cas-server-security-filter-2.0.6.jar!/:2.0.6]
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:238) ~[cas-server-security-filter-2.0.6.jar!/:2.0.6]
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:110) ~[spring-boot-actuator-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
            at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108) ~[spring-web-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) ~[spring-web-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:90) ~[cas-server-core-logging-5.1.6.jar!/:5.1.6]
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106) ~[spring-boot-actuator-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
            at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:64) ~[inspektr-common-1.7.GA.jar!/:1.7.GA]
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:677) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1457) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_71]
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_71]
            at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-8.5.20.jar!/:8.5.20]
            at java.lang.Thread.run(Thread.java:745) [?:1.8.0_71]
    
28. 2017-12-19 10:02:04,237 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception due to a type mismatch>
    java.lang.RuntimeException: java.net.ConnectException: Connection refused
    ...
29. 2017-12-19 10:02:04,373 DEBUG [org.apereo.cas.support.saml.authentication.principal.SamlServiceFactory] - <Request does not specify a [TARGET] or request body is empty>
    
30. 2017-12-19 10:02:04,378 DEBUG [org.apereo.cas.authentication.principal.WebApplicationServiceFactory] - <No service is specified in the request. Skipping service creation>
    
31. 2017-12-19 10:02:04,378 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <No service could be extracted based on the given request>
    
32. 2017-12-19 10:02:04,378 DEBUG [org.apereo.cas.web.support.AbstractArgumentExtractor] - <Extractor did not generate service.>
    
    

On web page error is displayed at URL https://mydomain/cas/idp/profile/SAML2/POST/SSO/Callback.+?entityId=urn%3Atest1%3Abics%3Abrussels&SAMLRequest=...&RelayState&ticket=ST-1-xyz-BICSJAVATEST001

CAS is unable to process this request: "500:Internal Server Error"

Can you please help to spot why this endpoint return a connection refused?

I don't know if it is the URI of the page or an underlying URI? Mayve an URI at the SP?