Hello everyone,
I am new to this forum, first time user.
I am working on upgading our RT installation from 4.4.2 to 5.0.1 ( at new install of 5.0.1 in a different sever ). I installed 5.0.1 fresh, uploaded the database backup from 4.4.2 ( to 5.0.1 ). I can login to the GUI just fine. I can see all the customizations, ticket history , etc. , in the new installation.
When I try to use the mail-gateway , I run into the following problem. I am not sure where this is coming from.
Here is the error message:
procmail: Notified comsat: "fetchmail@:/opt/RT/5.0.1/bin/rt-mailgate --url https://rcicrequest.rcic.uci.edu/rt --no-verify-ssl --queue General --action correspond --debug"
procmail: Executing "/opt/RT/5.0.1/bin/rt-mailgate,--url,https://rcicrequest.rcic.uci.edu/rt,--no-verify-ssl,--queue,General,--action,correspond,--debug"
From fetchmail Wed Sep 15 10:32:20 2021
Subject: Test ticket RT5 testing #8
Folder: /opt/RT/5.0.1/bin/rt-mailgate --url https://rcicrequest.rcic 6998
/opt/RT/5.0.1/bin/rt-mailgate: temp file is '/tmp/GUTZ4OGsaD/ibAt5DnUel'
/opt/RT/5.0.1/bin/rt-mailgate: connecting to https://rcicrequest.rcic.uci.edu/rt/REST/1.0/NoAuth/mail-gateway
HTTP request failed: 400 400. Your webserver logs may have more information or there may be a network problem.
Here is my ssl.conf:
> DocumentRoot "/opt/RT/5.0.1/share/html"
> <Location /rt>
> <IfVersion >= 2.4>
> AuthType shibboleth
> ShibRequestSetting requireSession 1
> Require shibboleth
> ShibUseHeaders On
> ShibBasicHijack On
> RequestHeader set X-Remote-User %{REMOTE_USER}s
> </IfVersion>
> Options +ExecCGI
> AddHandler fcgid-script fcgi html
> </Location>
> #--------------------------------#
> <Location /REST/1.0/NoAuth/mail-gateway>
> Satisfy Any
> Allow from all
> AuthType None
> Require all granted
> </Location>
> #--------------------------------#
> <Directory /opt/RT/5.0.1/share/html>
> <IfVersion >= 2.4>
> Satisfy Any
> Allow from all
> AuthType None
> Require all granted
> </IfVersion>
> </Directory>
I am not sure from where that httpd 400 error is coming from.
Can you please help shed some light into this? I did not have this trouble setting RT 4.4.2 up.
I am not sure what you meant my connecting to the mailgate. I did this:
[root@rcic-rt ~]# curl https://rcicrequest.rcic.uci.edu/rt/REST/1.0/NoAuth/mail-gateway
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://shib.nacs.uci.edu/idp/profile/SAML2/Redirect/SSO?SAMLRequest=hZJdT4MwFIb%2FCun9KB%2Bbm80gwe3CJdORgV54Y0o5kybQYk%2Fx498LY%2Bq8mXdN%2Bp7n7XnSJfKmblnS2Urt4bUDtM5HUytkx4uIdEYxzVEiU7wBZFawLLnbssD1WGu01ULXxEkQwVip1Uor7BowGZg3KeBhv41IZW2LjFIjpDBjhzuc3U5IF8qOZpUsCl2DrVxETQd%2BQNNdlhNn3Yel4gP6F4R93lVc4A9Bli3tX3OQNZzG91BKA8LSLNsRZ7OOyHPIvWLuTT248sLZgYfTsBSzRejNpwAQlmUfQ%2Bxgo9ByZSMSeIE%2F8a4n%2Fiz3FywMWLB4Ik56WvpGqlKql8uGijGE7DbP08m40iMYPK7TB0i8HDyzY7E5M38Zy791k%2Fhfufgjd0nPusbilt338M061bUUn05S1%2Fp9ZYBbiIhPaDyO%2FP0f8Rc%3D&RelayState=ss%3Amem%3A530275e41434eafe0d09fca57e32ff37782d7c8f3068fb3eb86b4bc9548e0202">here</a>.</p>
</body></html>
Is that what you meant by connecting to the mailgate?
Yeah my thoughts are the Location directives for Apache aren’t doing what we think since it looks like that curl request hit SAML, if I recall they may have been changed in recent versions of Apache. Is this the same machine that RT 4 was on or a new server?
Since the RT install and database instance are running from the same server, I wish there should have been an option to pull mails through fetchmail without any URL reference( just locally).
I think I was able to resolve it with the following:
<Location ~ "/REST/1.0/NoAuth/(mail-gateway)">
<IfVersion >= 2.4>
Satisfy Any
Allow from all
AuthType None
Require all granted
</IfVersion>
</Location>
mailgate was getting caught up with SAML redirect prompting for 2FA.
Thank you everyone for your heart warming help and support. Your questions/comments led me to get the bottom of it.