[rt-users] rt-mailgate error 302 with WebExternalAuth and Apache OpenID module

Thomas Klump Thomas.Klump at exodec.com
Wed Feb 13 14:30:41 EST 2013 

Tim,

Thanks, adding a section to the virtualhost configuration for NoAuth having no authentication worked like a charm. The webpage I found the solution on is:

http://requesttracker.wikia.com/wiki/WebExternalAuth

and the snippet I added to my rc.conf was:

<LocationMatch "/NoAuth">
    Satisfy Any
    Allow from all
</LocationMatch>

Thanks,

Thomas

-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Tim Wiley
Sent: Wednesday, February 13, 2013 7:28 AM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] rt-mailgate error 302 with WebExternalAuth and Apache OpenID module

On 02/12/2013 08:00 PM, Thomas Klump wrote:
> I'm working on implementing RT with OpenID. I started with a basic 
> installation of RT and I created some test tickets from within the 
> webui and via email. Everything worked great. I then started to 
> implement OpenID for authentication. I tried using the RT OpenID 
> plugin but I was never able to get that to work and there was very 
> little documentation out there about it. I then decided to install 
> WebExternalAuth use the Apache OpenID module for authentication. I was 
> able to get this to work and now the web interface works great.
> Unfortunately, now the rt-mailgate is no longer working. When I email 
> the queue the following error is logged in the maillog:
>
> Feb 13 03:17:03 sendmail[20134]: r1D3Gsht020130:
> to="|/usr/local/rt/bin/rt-mailgate --queue 'Customer Service' --action 
> correspond --url http://rt.example.com/", 
> ctladdr=<customerservice at rt.example.com
> <mailto:customerservice at rt.example.com>> (8/0), delay=00:00:08, 
> xdelay=00:00:01, mailer=prog, pri=123857, dsn=4.0.0, stat=Deferred:
> prog mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL
>
> I then tried testing it from command line with the following results:
>
> # (echo Subject: test; echo; echo test) |/usr/local/rt/bin/rt-mailgate 
> --queue 'Customer Service' --action correspond --url 
> http://rt.example.com --debug
>
> /usr/local/rt/bin/rt-mailgate: temp file is '/tmp/b4OHJlWSwH/Kgebhr0hI2'
>
> /usr/local/rt/bin/rt-mailgate: connecting to 
> http://rt.example.com/REST/1.0/NoAuth/mail-gateway
>
> An Error Occurred
>
> =================
>
> 302 Found
>
> /usr/local/rt/bin/rt-mailgate: undefined server error
>
> I then switched back to normal authentication methods in my apache 
> virtualhost config and then rt-mailgate would process emails 
> successfully. Here is my apache vituralhost configuration that seems 
> to be the problem:
>
> <VirtualHost *:80>
>
>          # Optional apache logs for RT
>
>          # ErrorLog /usr/local/rt/var/log/apache2.error
>
>          # TransferLog /usr/local/rt/var/log/apache2.access
>
>          # LogLevel debug
>
>          AddDefaultCharset UTF-8
>
>          DocumentRoot "/usr/local/rt/share/html"
>
>          <Location />
>
> # If I comment out the section below and uncomment the two lines below 
> that everything works
>
>                  AuthType OpenID
>
>                  require valid-user
>
>                  AuthOpenIDTrusted ^http://www.example.com/$
>
>                  AuthOpenIDUseCookie On
>
>                  AuthOpenIDSingleIdP http://www.example.com
>
>                  AuthOpenIDTrustRoot http://rt.example.com
>
>                  AuthOpenIDCookieName rt_auth_cookie
>
>                  AuthOpenIDSecureCookie Off
>
> #               Order allow,deny
>
> #               Allow from all
>
>                  SetHandler modperl
>
>                  PerlResponseHandler Plack::Handler::Apache2
>
>                  PerlSetVar psgi_app /usr/local/rt/sbin/rt-server
>
>          </Location>
>
>          <Perl>
>
>                  use Plack::Handler::Apache2;
>
>
> Plack::Handler::Apache2->preload("/usr/local/rt/sbin/rt-server");
>
>          </Perl>
>
> </VirtualHost>
>
> Thanks for any help on this issue.
>
> Thomas Klump
>
>
>
>
>

I don't use RT in this way, but it sounds like you need to open up an area of RT for no authentication.  Take a look at the page below.  Note that it says it's out of date, so I may be way off here, but check out the part where it opens up /NoAuth.  You may have to play around with the location, as it looks like you're going through the REST API.


--
RT training in Amsterdam, March 20-21: http://bestpractical.com/services/training.html

Help improve RT by taking our user survey: https://www.surveymonkey.com/s/N23JW9T

More information about the rt-users mailing list