"Scrips and Recipients" blank and CAS auth

I recently upgraded my works RT server from 4.2.6 to 5.0.3. We use WebRemoteUserAuth using mod_auth_cas with Apache. This worked fine in 4.2.6, but since the upgrade, some users have reported issues with CAS errors when trying to click on tickets in their queues.

At the same time, when they are able to access tickets and go to reply, the “Scrips and Recipients” list at the bottom is blank, empty. The header/section is there but it contains nothing.

If the user completely wipes all browser cache and cookies, quits the browser, then reopens the browser, RT starts behaving again, but the problem comes back intermittently causing the user to repeat the process. This is happening in both Firefox and Chrome.

Has anyone seen either of these issues? Any tips?

The server I upgraded to is CentOS Stream 9 running Apache 2.4.53.


I’d be curious to know what settings you’re using for mod_auth_cas. I’m in the middle of deploying a new RT with a similar configuration. Haven’t come across this in testing myself.

Sorry for such a late reply. I work at a university which has centralized authentication so I point the cas settings to the campus servers.

Here is my auth_cas.conf for apache:

<IfModule !mod_ssl.c>
LoadModule ssl_module modules/mod_ssl.so

LoadModule auth_cas_module modules/mod_auth_cas.so

CASCookiePath /var/cache/httpd/mod_auth_cas/
CASLoginURL https://casservername/cas/login
CASValidateURL https://caseservername/cas/serviceValidate
CASCertificatePath /etc/pki/tls/cert.pem
CASSSOEnabled On
CASDebug On

We have no issues authenticating users and I’ve found the issue only happens when users do not regular use the RT site directly. Instead they are managing their tickets by clicking on the links in the emails RT sends them. When they then try to reply to the ticket, the “Scrips and Recipients” section is empty. If they then simply open the RT site in another browser tab and go back and try the email link again, it works fine. So I can only think it has something to do with using the email link and it somehow screwing up the user session/cookie.

Anyone have any thoughts?