Maybe a dumb question, but you have tried /cas/status/dashboard, right?
From a quick glance, I cannot find any problems in the config.
http[s]://your.cas.server/cas/status
Health: OK
1. SessionMonitor: OK - 1 sessions. 0 service tickets.
2. MemoryMonitor: OK - 1452.29MB free (79.77%), 368.32MB used, 1820.61MB total.
Host: casdev-srv01
Server: https://casdev.newschool.edu
Version: 5.2.2
http[s]://your.cas.server/cas/status/dashboard
"serviceId" : "^https://your.cas.server/cas/status/dashboard(\\z|/.*)",
username=passwordnotused,ROLE_ADMIN
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/aeed34f4-003b-45ed-9221-264c6f45ea04%40apereo.org.
sudo netstat -plnt
https://scna-cas.cna.org.br:8443/cas/....
cas.server.prefix = ${cas.server.name}/cas
"serviceId" : "^https://scna-cas.cna.org.br:8443/cas/status/dashboard(\\z|/.*)",
"serviceId" : "^https://scna-cas.cna.org.br:8443/cas-management(\\z|/.*)",
firewall-cmd --permanent --add-forward-port=port=443:proto=tcp:toport=8443
Does your server certificate have "scna-cas.cna.org.br" as its host name (CN)?
Did you include any/all intermediate/root certificates in the certificate you imported into the keystore?
Did you name the certificate "tomcat" in the keystore?
Did you configure Tomcat's HTTPS connector to use the keystore that contains your certificate?
# cd /opt/tomcat
# keytool -genkey -alias tomcat -keyalg RSA -validity 365 -keystore keystore.jks
Enter keystore password: changeit
Re-enter new password: changeit
What is your first and last name?
[Unknown]: scna-cas.cna.org.br
(enter the fully qualified domain name of your server here)
What is the name of your organizational unit?
[Unknown]: Test
What is the name of your organization?
[Unknown]: Test
What is the name of your City or Locality?
[Unknown]: Test
What is the name of your State or Province?
[Unknown]: Test
What is the two-letter country code for this unit?
[Unknown]: Test
Is CN=scna-cas.cna.org.br, OU=Test, O=Test, L=Test, ST=Test, C=Test correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password): (press RETURN)
#
cas.server.name: https://sso.dumbo.disney:8443
cas.server.prefix: ${cas.server.name}/cas
cas.adminPagesSecurity.ip=8\.8\.8\.8
cas.authn.accept.users:
logging.config: file:/etc/cas/config/log4j2.xml
cas.serviceRegistry.json.location: file:/etc/cas/services
cas.tgc.secure: true
cas.tgc.crypto.signing.key: X
cas.tgc.crypto.encryption.key: X
cas.webflow.crypto.signing.key: X
cas.webflow.crypto.encryption.key: X
#ldap stuff:
cas.authn.ldap[0].name= Dumbo
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://X:389
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=true
#cas.authn.ldap[0].trustCertificates=file:/etc/cas/certificates_to_trust/i_trust_this_ca.cer
#cas.authn.ldap[0].trustCertificates=file:/etc/cas/config/ldapserver.pem
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].principalAttributeID=uid
#cas.authn.ldap[0].principalAttributeList=uid,displayName,mail,memberOf,description
cas.authn.ldap[0].baseDn=XX
cas.authn.ldap[0].bindDn=XX
cas.authn.ldap[0].bindCredential=XXX
cas.authn.ldap[0].userFilter=uid={user}
#cas.authn.ldap[0].principalAttributePassword=
#cas.authn.ldap[0].principalAttributePassword=userPassword
#cas.authn.ldap[0].subtreeSearch=true
#cas.authn.ldap[0].minPoolSize=3
#cas.authn.ldap[0].maxPoolSize=10
#cas.authn.ldap[0].validateOnCheckout=true
#cas.authn.ldap[0].validatePeriodically=true
#cas.authn.ldap[0].validatePeriod=600
#cas.authn.ldap[0].failFast=true
#$cas.authn.ldap[0].idleTime=500
##cas.authn.ldap[0].prunePeriod=600
cas.authn.ldap[0].blockWaitTime=5000
cas.adminPagesSecurity.actuatorEndpointsEnabled: true
cas.monitor.endpoints.enabled: true
endpoints.enabled: true
cas.monitor.endpoints.sensitive: false
endpoints.sensitive: false
cas.adminPagesSecurity.loginUrl: ${cas.server.prefix}/login
cas.adminPagesSecurity.service: ${cas.server.prefix}/status/dashboard
cas.adminPagesSecurity.users: file:/etc/cas/config/admusers.properties
cas.adminPagesSecurity.adminRoles[0]: ROLE_ADMIN
# This file lists the users who are allowed access to the CAS /status/*
# endpoints ("adminpages").
#
# The syntax for each line is:
#
# username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]
#
mouse=passwordnotused,ROLE_ADMIN
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^https://sso.dumbo.disney:8443/cas/status/dashboard(\\z|/.*)",
"name" : "CAS Admin Dashboard",
"id" : 1509646291,
"description" : "CAS dashboard and administrative endpoints",
"evaluationOrder" : 5000
}
org.pac4j.core.exception.TechnicalException: java.lang.RuntimeException: java.net.ConnectException: Connexion terminée par expiration du délai d'attente (Connection timed out)
    at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:170)
    at org.pac4j.springframework.web.SecurityInterceptor.preHandle(SecurityInterceptor.java:65)
    at org.pac4j.springframework.web.SecurityInterceptor$$FastClassBySpringCGLIB$$efdcf9fe.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
    at org.pac4j.springframework.web.SecurityInterceptor$$EnhancerBySpringCGLIB$$160c134b.preHandle(<generated>)
    at org.apereo.cas.config.CasSecurityContextConfiguration$CasAdminStatusInterceptor.preHandle(CasSecurityContextConfiguration.java:155)
    at org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:133)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:962)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apereo.cas.web.support.AuthenticationCredentialsLocalBinderClearingFilter.doFilter(AuthenticationCredentialsLocalBinderClearingFilter.java:28)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:245)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:93)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:117)
    at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:61)
    at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:92)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:110)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
    at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:677)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
    at org.apache.coyote.http2.StreamProcessor.service(StreamProcessor.java:245)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:65)
    at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: java.net.ConnectException: Connexion terminée par expiration du délai d'attente (Connection timed out)
    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:443)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)
    at org.pac4j.cas.credentials.authenticator.CasAuthenticator.validate(CasAuthenticator.java:62)
    at org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:68)
    at org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:37)
    at org.pac4j.core.client.DirectClient.getCredentials(DirectClient.java:44)
    at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:115)
    ... 90 more
Caused by: java.net.ConnectException: Connexion terminée par expiration du délai d'attente (Connection timed out)
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:673)
    at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:173)
    at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
    at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
    at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1156)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1050)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)
    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:431)
    ... 97 more
This is some kind of timeout error.
I have no clue what is going on...
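A consistency check over the settings quoted in this thread, as an added example that is not part of any poster's message or of the CAS project: it resolves the ${...} placeholders, confirms that cas.adminPagesSecurity.service matches the registered serviceId pattern, lists the enabled admin users, and reports the host and port the CAS server itself has to reach. The stack trace above fails inside the ticket validator's own HTTPS connection; that this connection targets cas.server.prefix is an assumption, and the function names and embedded sample inputs (constructed from the values quoted above) are illustrative.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample inputs, shaped like the settings quoted in the thread.
CAS_PROPERTIES = r"""
cas.server.name: https://sso.dumbo.disney:8443
cas.server.prefix: ${cas.server.name}/cas
cas.adminPagesSecurity.service: ${cas.server.prefix}/status/dashboard
cas.adminPagesSecurity.adminRoles[0]: ROLE_ADMIN
"""
ADMIN_USERS = "mouse=passwordnotused,ROLE_ADMIN\n"
SERVICE_JSON = r"""{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://sso.dumbo.disney:8443/cas/status/dashboard(\\z|/.*)"
}"""

def load_properties(text):
    """Parse 'key=value' / 'key: value' lines, skipping comments and blanks."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def resolve(props, key):
    """Expand ${other.key} placeholders until the value stops changing."""
    value = props[key]
    for _ in range(10):  # bounded, so a circular reference cannot loop forever
        expanded = re.sub(r"\$\{([^}]+)\}",
                          lambda m: props.get(m.group(1), m.group(0)), value)
        if expanded == value:
            break
        value = expanded
    return value

def admin_users(text, admin_roles):
    """Users that are not disabled and hold at least one admin role."""
    admins = []
    for user, spec in load_properties(text).items():
        flags = [f.strip() for f in spec.split(",")][1:]  # drop the password field
        if "disabled" not in flags and set(flags) & admin_roles:
            admins.append(user)
    return admins

def check(props_text, users_text, service_json):
    props = load_properties(props_text)
    service_url = resolve(props, "cas.adminPagesSecurity.service")
    prefix = urlsplit(resolve(props, "cas.server.prefix"))
    # Java's \z (end of input) is spelled \Z in Python; a full match is assumed.
    pattern = json.loads(service_json)["serviceId"].replace(r"\z", r"\Z")
    roles = {v for k, v in props.items() if "adminPagesSecurity.adminRoles[" in k}
    return {
        "service_url": service_url,
        "service_registered": re.fullmatch(pattern, service_url) is not None,
        # Assumption: the ticket validation seen in the stack trace connects here.
        "validation_endpoint": (prefix.hostname,
                                prefix.port or (443 if prefix.scheme == "https" else 80)),
        "admins": admin_users(users_text, roles),
    }

if __name__ == "__main__":
    print(check(CAS_PROPERTIES, ADMIN_USERS, SERVICE_JSON))
```

If `service_registered` is true and an admin user is listed, the remaining question is whether the CAS host can open a TCP connection to `validation_endpoint` from itself, which is where the quoted trace times out.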