Hello all,
I'm facing around with some problems with Parsoid and the Remoteuser Authentication with Kerberos.
First my setup:
Ubuntu 20.04.
Mediamywiki 1.31.12
PHP 7.4.3
BlueSpice 3.2.0
Parsoid 0.10.0
Kerberos SSO is working fine. Now the problem is, that when editing an article with Visual Editor, the page turns white and when trying to save an "HTTP 500" error appears. In the syslog I have an "401 Unauthorized" Error. I have the following configs. Parsoid is running on the same server as my Apache Webserver and is accessible at port 8000 (via cli and curl and also via browser). Also, when creating a new section or page, the Visual Editor is working.
___________________________________________
Apache vhost:
<VirtualHost *:443>
ServerName mywiki.mydomain.com
ServerAlias mywiki
DocumentRoot /path/to/mediawiki
<Directory /path/to/mediawiki>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
<RequireAny>
AuthType Kerberos
AuthName "Kerberos Login"
KrbAuthRealms mydomain.COM
KrbServiceName HTTP/serviceusr.mydomain.com
Krb5KeyTab /etc/apache2/kerberos/mykeytab.keytab
KrbLocalUserMapping On #Strips @REALM
KrbMethodNegotiate on
KrbMethodK5Passwd off
Require valid-user
Require ip 127.0.0.0/255.0.0.0
</RequireAny>
</Directory>
___________________________________________
LocalSettings.php:
$wgAuthRemoteuserUserName = function() {
global $wgDBname;
$user = '';
if( isset( $_SERVER[ 'REMOTE_USER' ] ) ) {
$user = $_SERVER[ 'REMOTE_USER' ] . '@mydomain.com';
}
if( isset( $_SERVER[ 'REMOTE_ADDR' ] ) && substr( $_SERVER[ 'REMOTE_ADDR' ], 0, 4 ) == '127.' ) {
if( empty( $user ) ) {
$user = $_COOKIE[$wgDBname.'304f3058RemoteToken'] . '@mydomain.com';
}
}
return $user;
};
___________________________________________
settings.d\020-VisualEditor.php:
// Creating base64 encoded path
$fullPath = $GLOBALS['wgServer'] . $GLOBALS['wgScriptPath'];
$encFullPath = base64_encode( $fullPath );
// Linking with Parsoid
$wgVirtualRestConfig['modules']['parsoid'] = array(
// URL to the Parsoid instance
// Use port 8142 if you use the Debian package
'url' => 'http...127.0.0.1:8000', // I wasn't allowed to post it with "://"
'domain' => $encFullPath,
'forwardCookies' => true
);
$wgVisualEditorEnablemywikitext = true;
___________________________________________
Parsoid config.yaml:
worker_heartbeat_timeout: 300000
logging:
level: info
services:
- module: lib/index.js
entrypoint: apiServiceWorker
conf:
localsettings: ./localsettings.js
___________________________________________
Parsoid localsettings.js:
'use strict';
exports.setup = function(parsoidConfig) {
parsoidConfig.dynamicConfig = function(domain) {
var baseUrl = Buffer.from( domain, 'base64').toString();
parsoidConfig.setMwApi({
uri: baseUrl + '/api.php',
domain: mydomain,
strictSSL: false
});
}
};
___________________________________________
Maybe I miss the obvious here, but I'm facing around with this issue for a few days now and i think it is time to ask the community for help ;)