I’m setting up a new RT 5 server, and I have basic web access work with shibboleth. However, it doesn’t appear that rt-mailgate is working with this setup, and I haven’t been able to figure out why.
Running a rt-mailgate test against my domain returns a 400 error, and running a ‘wget --spider’ against the same domain shows that it is connecting to the Shibboleth IdP and failing.
I need any RT API connections from localhost or the servers’s public to bypass the Shibboleth authentication so that rt-mailgate can import emails without dealing with authentication (but still requiring it for standard users, obviously).
My rt.conf is based on a version that is working on RT4.4.0/apache 2.2 in the same environment, so I’m pretty sure the issue is a difference in how apache 2.2 and 2.4 interpret the config file.
Here’s my rt.conf (with the real domain names and IP changed):
<VirtualHost *:80> ServerAdmin firstname.lastname@example.org Redirect / https://my.domain.com/ ErrorLog logs/my.domain.com-error.log CustomLog logs/my.domain.com-access.log combined </VirtualHost> <VirtualHost *:443> # Request Tracker ServerName my.domain.com AddDefaultCharset UTF-8 # DocumentRoot /opt/rt4/share/html # FcgidMaxRequestLen 50000000 # This is the previous number, changed 20181115 FcgidMaxRequestLen 1073741824 Alias /NoAuth/images/ /opt/rt5/share/html/NoAuth/images/ ScriptAlias /rt /opt/rt5/sbin/rt-server.fcgi/ # <Location /> # Require all granted # </Location> <Location /rt/REST/1.0/NoAuth> Order Allow,Deny Allow from 127.0.0.1 Allow from 220.127.116.11 #example public IP </Location> <Directory "/opt/rt5/sbin"> SSLOptions +StdEnvVars </Directory> ErrorLog logs/my.domain.com-ssl.error.log CustomLog logs/my.domain.com-ssl.access.log combined # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on ## my.domain.com certs SSLCertificateFile /etc/pki/tls/certs/my.domain.com.crt SSLCertificateKeyFile /etc/pki/tls/private/my.domain.com.key SSLCertificateChainFile /etc/ssl/certs/InCommon.pem <Directory /> AuthType Shibboleth ShibRequireSession On ShibUseHeaders On Require shibboleth Order allow,deny Allow from 18.104.22.168 #example public IP Allow from 127.0.0.1 Satisfy Any </Directory> </VirtualHost>