Check that this returns a well formed capabilities document filled with public layers:
curl "http://private:8380/geoserver/wms?SERVICE=WMS&REQUEST=GetCapabilities"
Now, we want to check the http headers authentication. This should return a well formed capabilities document filled with public and protected layers:
curl -H "sec-username: CURL" -H "sec-roles: ROLE_ADMINISTRATOR" "http://private:8380/geoserver/wms?SERVICE=WMS&REQUEST=GetCapabilities"
We change the TCP port and use the "insecure" flag. This should return the public capabilities:
curl --insecure "https://private:8443/geoserver/wms?SERVICE=WMS&REQUEST=GetCapabilities"
If it's not and the previous steps did work, your security proxy does not work.
First thing to check is the proxy mapping in your config.
Now testing the security proxy Basic Authentication.
The following command shall return the public and protected layers:
curl --insecure --user "geoserver_privileged_user:password" "https://private:8443/geoserver/wms?SERVICE=WMS&REQUEST=GetCapabilities"
Several potential issues if it's not :
- the security proxy can't query the LDAP,
geoserver_privileged_useris not a valid LDAP account,geoserver_privileged_userdoes not belong to theADMINISTRATORLDAP group,geoserver_privileged_user's password is incorrect.
If all the above steps are OK, go to the public interface and query the WMS service using curl:
curl "http://mysdi.org/geoserver/wms?SERVICE=WMS&REQUEST=GetCapabilities"
Then...
curl --insecure --user "geoserver_privileged_user:password" "http://mysdi.org/geoserver/wms?SERVICE=WMS&REQUEST=GetCapabilities"
Finally, open QGIS and register the service with and without the privileged account.