
Auth_remoteuser makes cookie forwarding not work
Open, Needs Triage, Public

Description

In an effort to make cookies work on a farm, Auth_remoteuser munges the cookie prefix so that it cannot be forwarded by VisualEditor and/or Parsoid to authenticate a user on a private wiki. Parsoid errors out complaining the API is read only even though the problem is that the cookie doesn't match what is expected.

Fix that caused this bug: 921c65f696a5
Discussion about fix: I4ce096f3d287bcf611c2b6baad522baf07065a48
Bug: T171190

Event Timeline

We are using this kind of configuration for VisualEditor with Auth_remoteuser in the LocalSettings.php:

<?php

// Usual LDAPStack config

$GLOBALS['wgAuthRemoteuserUserName'] = function() {
	$user = '';
	if( isset( $_SERVER[ 'REMOTE_USER' ] ) ) {
		$user = $_SERVER[ 'REMOTE_USER' ];
	}

	// Calls from local Parsoid / PhantomJS
	if( isset( $_SERVER[ 'REMOTE_ADDR' ] ) && $_SERVER[ 'REMOTE_ADDR' ] === '127.0.0.1' ) {
		$cookieName = $GLOBALS['wgDBname'] . $GLOBALS['wgDBprefix'] . '304f3058RemoteToken';
		if( empty( $user ) && isset( $_COOKIE[$cookieName] ) ) {
			$user = "<domainname>\\" . $_COOKIE[$cookieName];
		}
	}

	return $user;
};

Be aware that "304f3058RemoteToken" might change on updates of Auth_remoteuser (although it is not very likely). Also note that $user = "<domainname>\\" . $_COOKIE[$cookieName]; may be $user = $_COOKIE[$cookieName] . "@<domainname>";, based on how your username is formatted ("domain-backslash-username" or "username-at-domain").

Also, if no real user context is required, the much simpler config example #7 from https://www.mediawiki.org/wiki/Extension:Auth_remoteuser#Parameters / "$wgAuthRemoteuserUserName" should do.