Rt-mailgate error 302 with WebExternalAuth and Apache OpenID module

RT Users
1

I’m working on implementing RT with OpenID. I started with a basic installation of RT and I created some test tickets from within the webui and via email. Everything worked great. I then started to implement OpenID for authentication. I tried using the RT OpenID plugin but I was never able to get that to work and there was very little documentation out there about it. I then decided to install WebExternalAuth use the Apache OpenID module for authentication. I was able to get this to work and now the web interface works great. Unfortunately, now the rt-mailgate is no longer working. When I email the queue the following error is logged in the maillog:

Feb 13 03:17:03 sendmail[20134]: r1D3Gsht020130: to=“|/usr/local/rt/bin/rt-mailgate --queue ‘Customer Service’ --action correspond --url http://rt.example.com/”, ctladdr=<customerservice@rt.example.commailto:customerservice@rt.example.com> (8/0), delay=00:00:08, xdelay=00:00:01, mailer=prog, pri=123857, dsn=4.0.0, stat=Deferred: prog mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL

I then tried testing it from command line with the following results:

(echo Subject: test; echo; echo test) |/usr/local/rt/bin/rt-mailgate --queue ‘Customer Service’ --action correspond --url http://rt.example.com --debug

/usr/local/rt/bin/rt-mailgate: temp file is ‘/tmp/b4OHJlWSwH/Kgebhr0hI2’
/usr/local/rt/bin/rt-mailgate: connecting to http://rt.example.com/REST/1.0/NoAuth/mail-gateway
An Error Occurred

302 Found

/usr/local/rt/bin/rt-mailgate: undefined server error

I then switched back to normal authentication methods in my apache virtualhost config and then rt-mailgate would process emails successfully. Here is my apache vituralhost configuration that seems to be the problem:

<VirtualHost *:80>
# Optional apache logs for RT
# ErrorLog /usr/local/rt/var/log/apache2.error
# TransferLog /usr/local/rt/var/log/apache2.access
# LogLevel debug

    AddDefaultCharset UTF-8
    DocumentRoot "/usr/local/rt/share/html"

    <Location />

If I comment out the section below and uncomment the two lines below that everything works

            AuthType OpenID
            require valid-user
            AuthOpenIDTrusted ^http://www.example.com/$
            AuthOpenIDUseCookie On
            AuthOpenIDSingleIdP http://www.example.com
            AuthOpenIDTrustRoot http://rt.example.com
            AuthOpenIDCookieName rt_auth_cookie
            AuthOpenIDSecureCookie Off

Order allow,deny

Allow from all

            SetHandler modperl
            PerlResponseHandler Plack::Handler::Apache2
            PerlSetVar psgi_app /usr/local/rt/sbin/rt-server
    </Location>
    <Perl>
            use Plack::Handler::Apache2;
            Plack::Handler::Apache2->preload("/usr/local/rt/sbin/rt-server");
    </Perl>

Thanks for any help on this issue.

Thomas Klump

2

I’m working on implementing RT with OpenID. I started with a basic installation of RT and I created some test tickets from within the webui and via email. After everything was working I started to implement OpenID for authentication. I tried using the RT OpenID plugin but I was never able to get that to work and there was next to no documentation out there about it. I then decided to install WebExternalAuth use the Apache OpenID module for authentication. I was able to get this to work and now the web interface works great. Unfortunately, now the rt-mailgate is no longer working. When I email the queue the following error is logged in the maillog:

Feb 13 03:17:03 sendmail[20134]: r1D3Gsht020130: to=“|/usr/local/rt/bin/rt-mailgate --queue ‘Customer Service’ --action correspond --url http://rt.example.com/”, ctladdr=customerservice@rt.example.com (8/0), delay=00:00:08, xdelay=00:00:01, mailer=prog, pri=123857, dsn=4.0.0, stat=Deferred: prog mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL

I then tried testing it from command line with the following results:

(echo Subject: test; echo; echo test) |/usr/local/rt/bin/rt-mailgate --queue ‘Customer Service’ --action correspond --url http://rt.example.com --debug

/usr/local/rt/bin/rt-mailgate: temp file is ‘/tmp/b4OHJlWSwH/Kgebhr0hI2’
/usr/local/rt/bin/rt-mailgate: connecting to http://rt.example.com/REST/1.0/NoAuth/mail-gateway
An Error Occurred

302 Found

/usr/local/rt/bin/rt-mailgate: undefined server error

I then switched back to normal authentication methods in my apache virtualhost config and then rt-mailgate would process emails successfully. Here is my apache vituralhost configuration that is causing the errors:

<VirtualHost *:80>
# Optional apache logs for RT
# ErrorLog /usr/local/rt/var/log/apache2.error
# TransferLog /usr/local/rt/var/log/apache2.access
# LogLevel debug

    AddDefaultCharset UTF-8
    DocumentRoot "/usr/local/rt/share/html"

    <Location />

If I comment out the section below and uncomment the two lines below that everything works

            AuthType OpenID
            require valid-user
            AuthOpenIDTrusted ^http://www.example.com/$
            AuthOpenIDUseCookie On
            AuthOpenIDSingleIdP http://www.example.com
            AuthOpenIDTrustRoot http://rt.example.com
            AuthOpenIDCookieName rt_auth_cookie
            AuthOpenIDSecureCookie Off

Order allow,deny

Allow from all

            SetHandler modperl
            PerlResponseHandler Plack::Handler::Apache2
            PerlSetVar psgi_app /usr/local/rt/sbin/rt-server
    </Location>
    <Perl>
            use Plack::Handler::Apache2;
            Plack::Handler::Apache2->preload("/usr/local/rt/sbin/rt-server");
    </Perl>

Thanks for any help on this issue.
Thomas Klump

3

I�m working on implementing RT with OpenID. I started with a basic
installation of RT and I created some test tickets from within the webui
and via email. Everything worked great. I then started to implement
OpenID for authentication. I tried using the RT OpenID plugin but I was
never able to get that to work and there was very little documentation
out there about it. I then decided to install WebExternalAuth use the
Apache OpenID module for authentication. I was able to get this to work
and now the web interface works great. Unfortunately, now the
rt-mailgate is no longer working. When I email the queue the following
error is logged in the maillog:

Feb 13 03:17:03 sendmail[20134]: r1D3Gsht020130:
to=“|/usr/local/rt/bin/rt-mailgate --queue ‘Customer Service’ --action
correspond --url http://rt.example.com/”,
ctladdr=<customerservice@rt.example.com
mailto:customerservice@rt.example.com> (8/0), delay=00:00:08,
xdelay=00:00:01, mailer=prog, pri=123857, dsn=4.0.0, stat=Deferred: prog
mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL

I then tried testing it from command line with the following results:

(echo Subject: test; echo; echo test) |/usr/local/rt/bin/rt-mailgate

–queue ‘Customer Service’ --action correspond --url
http://rt.example.com --debug

/usr/local/rt/bin/rt-mailgate: temp file is ‘/tmp/b4OHJlWSwH/Kgebhr0hI2’

/usr/local/rt/bin/rt-mailgate: connecting to
http://rt.example.com/REST/1.0/NoAuth/mail-gateway

An Error Occurred

=================

302 Found

/usr/local/rt/bin/rt-mailgate: undefined server error

I then switched back to normal authentication methods in my apache
virtualhost config and then rt-mailgate would process emails
successfully. Here is my apache vituralhost configuration that seems to
be the problem:

<VirtualHost *:80>

     # Optional apache logs for RT

     # ErrorLog /usr/local/rt/var/log/apache2.error

     # TransferLog /usr/local/rt/var/log/apache2.access

     # LogLevel debug

     AddDefaultCharset UTF-8

     DocumentRoot "/usr/local/rt/share/html"

     <Location />

If I comment out the section below and uncomment the two lines below

that everything works

             AuthType OpenID

             require valid-user

             AuthOpenIDTrusted ^http://www.example.com/$

             AuthOpenIDUseCookie On

             AuthOpenIDSingleIdP http://www.example.com

             AuthOpenIDTrustRoot http://rt.example.com

             AuthOpenIDCookieName rt_auth_cookie

             AuthOpenIDSecureCookie Off

Order allow,deny

Allow from all

             SetHandler modperl

             PerlResponseHandler Plack::Handler::Apache2

             PerlSetVar psgi_app /usr/local/rt/sbin/rt-server

     </Location>

     <Perl>

             use Plack::Handler::Apache2;

Plack::Handler::Apache2->preload(“/usr/local/rt/sbin/rt-server”);

     </Perl>

Thanks for any help on this issue.

Thomas Klump

I don’t use RT in this way, but it sounds like you need to open up an
area of RT for no authentication. Take a look at the page below. Note
that it says it’s out of date, so I may be way off here, but check out
the part where it opens up /NoAuth. You may have to play around with
the location, as it looks like you’re going through the REST API.

4

Tim,

Thanks, adding a section to the virtualhost configuration for NoAuth having no authentication worked like a charm. The webpage I found the solution on is:

http://requesttracker.wikia.com/wiki/WebExternalAuth

Thanks,

Thomas

It’s usually a good idea to also reply to the list so others know the
eventual resolution.

Also…so much for responding to e-mail before coffee. I absolutely
intended on adding that link to my e-mail & didn’t. My apologies. I’m
glad you eventually found it & figure it out.

5

Tim,

Thanks, adding a section to the virtualhost configuration for NoAuth having no authentication worked like a charm. The webpage I found the solution on is:

http://requesttracker.wikia.com/wiki/WebExternalAuth

and the snippet I added to my rc.conf was:

<LocationMatch “/NoAuth”>
Satisfy Any
Allow from all

Thanks,

Thomas-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Tim Wiley
Sent: Wednesday, February 13, 2013 7:28 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] rt-mailgate error 302 with WebExternalAuth and Apache OpenID module

On 02/12/2013 08:00 PM, Thomas Klump wrote:

I’m working on implementing RT with OpenID. I started with a basic
installation of RT and I created some test tickets from within the
webui and via email. Everything worked great. I then started to
implement OpenID for authentication. I tried using the RT OpenID
plugin but I was never able to get that to work and there was very
little documentation out there about it. I then decided to install
WebExternalAuth use the Apache OpenID module for authentication. I was
able to get this to work and now the web interface works great.
Unfortunately, now the rt-mailgate is no longer working. When I email
the queue the following error is logged in the maillog:

Feb 13 03:17:03 sendmail[20134]: r1D3Gsht020130:
to=“|/usr/local/rt/bin/rt-mailgate --queue ‘Customer Service’ --action
correspond --url http://rt.example.com/”,
ctladdr=<customerservice@rt.example.com
mailto:customerservice@rt.example.com> (8/0), delay=00:00:08,
xdelay=00:00:01, mailer=prog, pri=123857, dsn=4.0.0, stat=Deferred:
prog mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL

I then tried testing it from command line with the following results:

(echo Subject: test; echo; echo test) |/usr/local/rt/bin/rt-mailgate

–queue ‘Customer Service’ --action correspond --url
http://rt.example.com --debug

/usr/local/rt/bin/rt-mailgate: temp file is ‘/tmp/b4OHJlWSwH/Kgebhr0hI2’

/usr/local/rt/bin/rt-mailgate: connecting to
http://rt.example.com/REST/1.0/NoAuth/mail-gateway

An Error Occurred

=================

302 Found

/usr/local/rt/bin/rt-mailgate: undefined server error

I then switched back to normal authentication methods in my apache
virtualhost config and then rt-mailgate would process emails
successfully. Here is my apache vituralhost configuration that seems
to be the problem:

<VirtualHost *:80>

     # Optional apache logs for RT

     # ErrorLog /usr/local/rt/var/log/apache2.error

     # TransferLog /usr/local/rt/var/log/apache2.access

     # LogLevel debug

     AddDefaultCharset UTF-8

     DocumentRoot "/usr/local/rt/share/html"

     <Location />

If I comment out the section below and uncomment the two lines below

that everything works

             AuthType OpenID

             require valid-user

             AuthOpenIDTrusted ^http://www.example.com/$

             AuthOpenIDUseCookie On

             AuthOpenIDSingleIdP http://www.example.com

             AuthOpenIDTrustRoot http://rt.example.com

             AuthOpenIDCookieName rt_auth_cookie

             AuthOpenIDSecureCookie Off

Order allow,deny

Allow from all

             SetHandler modperl

             PerlResponseHandler Plack::Handler::Apache2

             PerlSetVar psgi_app /usr/local/rt/sbin/rt-server

     </Location>

     <Perl>

             use Plack::Handler::Apache2;

Plack::Handler::Apache2->preload(“/usr/local/rt/sbin/rt-server”);

     </Perl>

Thanks for any help on this issue.

Thomas Klump

I don’t use RT in this way, but it sounds like you need to open up an area of RT for no authentication. Take a look at the page below. Note that it says it’s out of date, so I may be way off here, but check out the part where it opens up /NoAuth. You may have to play around with the location, as it looks like you’re going through the REST API.

RT training in Amsterdam, March 20-21: http://bestpractical.com/services/training.html

Help improve RT by taking our user survey: https://www.surveymonkey.com/s/N23JW9T