Topic on Talk:Parsoid

Jump to navigation Jump to search

Parsoid with Kerberos and Auth_Remoteuser

1
Wikweng (talkcontribs)

Hello all,

I'm facing around with some problems with Parsoid and the Remoteuser Authentication with Kerberos.

First my setup:

Ubuntu 20.04.

Mediamywiki 1.31.12

PHP 7.4.3

BlueSpice 3.2.0

Parsoid 0.10.0

Kerberos SSO is working fine. Now the problem is, that when editing an article with Visual Editor, the page turns white and when trying to save an "HTTP 500" error appears. In the syslog I have an "401 Unauthorized" Error. I have the following configs. Parsoid is running on the same server as my Apache Webserver and is accessible at port 8000 (via cli and curl and also via browser). Also, when creating a new section or page, the Visual Editor is working.

___________________________________________

Apache vhost:

<VirtualHost *:443>

  ServerName mywiki.mydomain.com

  ServerAlias mywiki

   DocumentRoot /path/to/mediawiki

   <Directory /path/to/mediawiki>

       Options Indexes FollowSymLinks MultiViews

       AllowOverride None

       

   <RequireAny>

   AuthType Kerberos

   AuthName "Kerberos Login"

   KrbAuthRealms mydomain.COM

   KrbServiceName HTTP/serviceusr.mydomain.com

   Krb5KeyTab /etc/apache2/kerberos/mykeytab.keytab

   KrbLocalUserMapping On #Strips @REALM

   KrbMethodNegotiate on

   KrbMethodK5Passwd off

   Require valid-user

   Require ip 127.0.0.0/255.0.0.0

   </RequireAny>

   

   </Directory>

___________________________________________

LocalSettings.php:

$wgAuthRemoteuserUserName = function() {

   global $wgDBname;

   $user = '';

   if( isset( $_SERVER[ 'REMOTE_USER' ] ) ) {

       $user = $_SERVER[ 'REMOTE_USER' ] . '@mydomain.com';

   }

   if( isset( $_SERVER[ 'REMOTE_ADDR' ] ) && substr( $_SERVER[ 'REMOTE_ADDR' ], 0, 4 ) == '127.' ) {

       if( empty( $user ) ) {

           $user = $_COOKIE[$wgDBname.'304f3058RemoteToken'] . '@mydomain.com';

       }

   }

   return $user;

  };

___________________________________________

settings.d\020-VisualEditor.php:

// Creating base64 encoded path

$fullPath = $GLOBALS['wgServer'] . $GLOBALS['wgScriptPath'];

$encFullPath = base64_encode( $fullPath );

// Linking with Parsoid

$wgVirtualRestConfig['modules']['parsoid'] = array(

   // URL to the Parsoid instance

   // Use port 8142 if you use the Debian package

   'url' => 'http...127.0.0.1:8000', // I wasn't allowed to post it with "://"

   'domain' => $encFullPath,

   'forwardCookies' => true

);

$wgVisualEditorEnablemywikitext = true;

___________________________________________

Parsoid config.yaml:

worker_heartbeat_timeout: 300000

logging:

  level: info

services:

  - module: lib/index.js

  entrypoint: apiServiceWorker

  conf:

       localsettings: ./localsettings.js

___________________________________________

Parsoid localsettings.js:

'use strict';

exports.setup = function(parsoidConfig) {

   parsoidConfig.dynamicConfig = function(domain) {

       var baseUrl = Buffer.from( domain, 'base64').toString();

       parsoidConfig.setMwApi({

           uri: baseUrl + '/api.php',

           domain: mydomain,

           strictSSL: false

       });

   }

};

___________________________________________


Maybe I miss the obvious here, but I'm facing around with this issue for a few days now and i think it is time to ask the community for help ;)

Reply to "Parsoid with Kerberos and Auth_Remoteuser"