[rt-users] rt-mailgate error 302 with WebExternalAuth and Apache OpenID module

Tim Wiley tim at marchex.com
Wed Feb 13 10:28:00 EST 2013


On 02/12/2013 08:00 PM, Thomas Klump wrote:
> I’m working on implementing RT with OpenID. I started with a basic
> installation of RT and I created some test tickets from within the webui
> and via email. Everything worked great. I then started to implement
> OpenID for authentication. I tried using the RT OpenID plugin but I was
> never able to get that to work and there was very little documentation
> out there about it. I then decided to install WebExternalAuth use the
> Apache OpenID module for authentication. I was able to get this to work
> and now the web interface works great. Unfortunately, now the
> rt-mailgate is no longer working. When I email the queue the following
> error is logged in the maillog:
>
> Feb 13 03:17:03 sendmail[20134]: r1D3Gsht020130:
> to="|/usr/local/rt/bin/rt-mailgate --queue 'Customer Service' --action
> correspond --url http://rt.example.com/",
> ctladdr=<customerservice at rt.example.com
> <mailto:customerservice at rt.example.com>> (8/0), delay=00:00:08,
> xdelay=00:00:01, mailer=prog, pri=123857, dsn=4.0.0, stat=Deferred: prog
> mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL
>
> I then tried testing it from command line with the following results:
>
> # (echo Subject: test; echo; echo test) |/usr/local/rt/bin/rt-mailgate
> --queue 'Customer Service' --action correspond --url
> http://rt.example.com --debug
>
> /usr/local/rt/bin/rt-mailgate: temp file is '/tmp/b4OHJlWSwH/Kgebhr0hI2'
>
> /usr/local/rt/bin/rt-mailgate: connecting to
> http://rt.example.com/REST/1.0/NoAuth/mail-gateway
>
> An Error Occurred
>
> =================
>
> 302 Found
>
> /usr/local/rt/bin/rt-mailgate: undefined server error
>
> I then switched back to normal authentication methods in my apache
> virtualhost config and then rt-mailgate would process emails
> successfully. Here is my apache vituralhost configuration that seems to
> be the problem:
>
> <VirtualHost *:80>
>
>          # Optional apache logs for RT
>
>          # ErrorLog /usr/local/rt/var/log/apache2.error
>
>          # TransferLog /usr/local/rt/var/log/apache2.access
>
>          # LogLevel debug
>
>          AddDefaultCharset UTF-8
>
>          DocumentRoot "/usr/local/rt/share/html"
>
>          <Location />
>
> # If I comment out the section below and uncomment the two lines below
> that everything works
>
>                  AuthType OpenID
>
>                  require valid-user
>
>                  AuthOpenIDTrusted ^http://www.example.com/$
>
>                  AuthOpenIDUseCookie On
>
>                  AuthOpenIDSingleIdP http://www.example.com
>
>                  AuthOpenIDTrustRoot http://rt.example.com
>
>                  AuthOpenIDCookieName rt_auth_cookie
>
>                  AuthOpenIDSecureCookie Off
>
> #               Order allow,deny
>
> #               Allow from all
>
>                  SetHandler modperl
>
>                  PerlResponseHandler Plack::Handler::Apache2
>
>                  PerlSetVar psgi_app /usr/local/rt/sbin/rt-server
>
>          </Location>
>
>          <Perl>
>
>                  use Plack::Handler::Apache2;
>
>
> Plack::Handler::Apache2->preload("/usr/local/rt/sbin/rt-server");
>
>          </Perl>
>
> </VirtualHost>
>
> Thanks for any help on this issue.
>
> Thomas Klump
>
>
>
>
>

I don't use RT in this way, but it sounds like you need to open up an 
area of RT for no authentication.  Take a look at the page below.  Note 
that it says it's out of date, so I may be way off here, but check out 
the part where it opens up /NoAuth.  You may have to play around with 
the location, as it looks like you're going through the REST API.



More information about the rt-users mailing list