GRR has a SSO configuration page in its administration panel.
Do not use Lemonldap mode, which is for a very old Lemonldap version, but HTTP authentication.
Set the default profile of connected users and which headers contains surname, firstname and mail.
GRR will check the username in REMOTE_USER, so use remote header conversion if you are in proxy mode.
GRR virtual host in LL::NG¶
- ^/index.php => accept
- default => unprotect
- Auth-User $uid
- Auth-Sn: $sn
- Auth-GivenName: $givenName
- Auth-Mail: $mail