I’m setting up a new RT 5 server, and I have basic web access work with shibboleth. However, it doesn’t appear that rt-mailgate is working with this setup, and I haven’t been able to figure out why.
Running a rt-mailgate test against my domain returns a 400 error, and running a ‘wget --spider’ against the same domain shows that it is connecting to the Shibboleth IdP and failing.
I need any RT API connections from localhost or the servers’s public to bypass the Shibboleth authentication so that rt-mailgate can import emails without dealing with authentication (but still requiring it for standard users, obviously).
My rt.conf is based on a version that is working on RT4.4.0/apache 2.2 in the same environment, so I’m pretty sure the issue is a difference in how apache 2.2 and 2.4 interpret the config file.
Here’s my rt.conf (with the real domain names and IP changed):
<VirtualHost *:80>
ServerAdmin iadmin@domain.com
Redirect / https://my.domain.com/
ErrorLog logs/my.domain.com-error.log
CustomLog logs/my.domain.com-access.log combined
</VirtualHost>
<VirtualHost *:443>
# Request Tracker
ServerName my.domain.com
AddDefaultCharset UTF-8
# DocumentRoot /opt/rt4/share/html
# FcgidMaxRequestLen 50000000 # This is the previous number, changed 20181115
FcgidMaxRequestLen 1073741824
Alias /NoAuth/images/ /opt/rt5/share/html/NoAuth/images/
ScriptAlias /rt /opt/rt5/sbin/rt-server.fcgi/
# <Location />
# Require all granted
# </Location>
<Location /rt/REST/1.0/NoAuth>
Order Allow,Deny
Allow from 127.0.0.1
Allow from 22.22.22.22 #example public IP
</Location>
<Directory "/opt/rt5/sbin">
SSLOptions +StdEnvVars
</Directory>
ErrorLog logs/my.domain.com-ssl.error.log
CustomLog logs/my.domain.com-ssl.access.log combined
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
## my.domain.com certs
SSLCertificateFile /etc/pki/tls/certs/my.domain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/my.domain.com.key
SSLCertificateChainFile /etc/ssl/certs/InCommon.pem
<Directory />
AuthType Shibboleth
ShibRequireSession On
ShibUseHeaders On
Require shibboleth
Order allow,deny
Allow from 22.22.22.22 #example public IP
Allow from 127.0.0.1
Satisfy Any
</Directory>
</VirtualHost>