[rt-users] rt-mailgate error 302 with WebExternalAuth and Apache OpenID module
Tim Wiley
tim at marchex.com
Wed Feb 13 10:28:00 EST 2013
On 02/12/2013 08:00 PM, Thomas Klump wrote:
> I’m working on implementing RT with OpenID. I started with a basic
> installation of RT and I created some test tickets from within the webui
> and via email. Everything worked great. I then started to implement
> OpenID for authentication. I tried using the RT OpenID plugin but I was
> never able to get that to work and there was very little documentation
> out there about it. I then decided to install WebExternalAuth use the
> Apache OpenID module for authentication. I was able to get this to work
> and now the web interface works great. Unfortunately, now the
> rt-mailgate is no longer working. When I email the queue the following
> error is logged in the maillog:
>
> Feb 13 03:17:03 sendmail[20134]: r1D3Gsht020130:
> to="|/usr/local/rt/bin/rt-mailgate --queue 'Customer Service' --action
> correspond --url http://rt.example.com/",
> ctladdr=<customerservice at rt.example.com
> <mailto:customerservice at rt.example.com>> (8/0), delay=00:00:08,
> xdelay=00:00:01, mailer=prog, pri=123857, dsn=4.0.0, stat=Deferred: prog
> mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL
>
> I then tried testing it from command line with the following results:
>
> # (echo Subject: test; echo; echo test) |/usr/local/rt/bin/rt-mailgate
> --queue 'Customer Service' --action correspond --url
> http://rt.example.com --debug
>
> /usr/local/rt/bin/rt-mailgate: temp file is '/tmp/b4OHJlWSwH/Kgebhr0hI2'
>
> /usr/local/rt/bin/rt-mailgate: connecting to
> http://rt.example.com/REST/1.0/NoAuth/mail-gateway
>
> An Error Occurred
>
> =================
>
> 302 Found
>
> /usr/local/rt/bin/rt-mailgate: undefined server error
>
> I then switched back to normal authentication methods in my apache
> virtualhost config and then rt-mailgate would process emails
> successfully. Here is my apache vituralhost configuration that seems to
> be the problem:
>
> <VirtualHost *:80>
>
> # Optional apache logs for RT
>
> # ErrorLog /usr/local/rt/var/log/apache2.error
>
> # TransferLog /usr/local/rt/var/log/apache2.access
>
> # LogLevel debug
>
> AddDefaultCharset UTF-8
>
> DocumentRoot "/usr/local/rt/share/html"
>
> <Location />
>
> # If I comment out the section below and uncomment the two lines below
> that everything works
>
> AuthType OpenID
>
> require valid-user
>
> AuthOpenIDTrusted ^http://www.example.com/$
>
> AuthOpenIDUseCookie On
>
> AuthOpenIDSingleIdP http://www.example.com
>
> AuthOpenIDTrustRoot http://rt.example.com
>
> AuthOpenIDCookieName rt_auth_cookie
>
> AuthOpenIDSecureCookie Off
>
> # Order allow,deny
>
> # Allow from all
>
> SetHandler modperl
>
> PerlResponseHandler Plack::Handler::Apache2
>
> PerlSetVar psgi_app /usr/local/rt/sbin/rt-server
>
> </Location>
>
> <Perl>
>
> use Plack::Handler::Apache2;
>
>
> Plack::Handler::Apache2->preload("/usr/local/rt/sbin/rt-server");
>
> </Perl>
>
> </VirtualHost>
>
> Thanks for any help on this issue.
>
> Thomas Klump
>
>
>
>
>
I don't use RT in this way, but it sounds like you need to open up an
area of RT for no authentication. Take a look at the page below. Note
that it says it's out of date, so I may be way off here, but check out
the part where it opens up /NoAuth. You may have to play around with
the location, as it looks like you're going through the REST API.
More information about the rt-users
mailing list