Intranet/Intranet Client Configuration

MediaWiki is accessed via a web browser and clients may need some configuration changes to work properly with the Intranet as documented here. Assuming that the wiki is using a TLS certificate that is signed by a trusted certificate authority then the client system must also trust that CA. IE, Chrome and Chromium will use the Windows trust store which should include Enterprise CAs. Firefox on Windows does not yet but has support for it which is disabled by default and we show how to enable it. All clients must be "domain joined". You can check that you have valid Kerberos tickets on both Windows and Linux with the klist command.

'''NOTE: Browsers are constantly changing and these notes are getting on a bit. Firefox and Chrome/Chromium have GPOs these days on Windows (search for details). I'll update this lot soonish!'''

IE
Configuring Internet Explorer for Automatic Logon

Manual configuration
On both Windows and Linux, about:config (note leading dot in the domain name) and search for and set these options:

Group Policy
Create two files Be careful with the extension - .js or .cfg. Both files must have a // comment in the first line. The obscure_value option can be used to obscure the settings applied, setting it to 0 means that you can read the settings in about:config.

enable_local_policy.js: local_policy.cfg: Copy the two files to a central location that is accessible to all client PCs. One possibility is \\example.co.uk\SYSVOL\example.co.uk\firefox, that is use the SYSVOL share on your domain controllers. These files are tiny so there should be no problems.

Create a Group Policy object or edit an existing one and create two File items:

Group Policy
For Windows, Google provides group policy extensions which can be used to enable the settings.

Linux
Create a directory to hold settings. The first one is for Chrome and the second one is for Chromium. You can create one and symlink to it for the other. Note that Chrome is /etc/opt/chrome/ and Chromium is not: Create a file such as /etc/opt/chrome/policies/managed/local_policy.json: Note that the key names have been changed from eg AuthServerWhiteList to AuthServerAllowList. Google maintain a complete list of policies and settings. Browse to chrome://policy/ in the browser to see which policies are in effect.