Checking your setup

GeoServer

Check that this returns a well formed capabilities document filled with public layers:

curl "http://private:8380/geoserver/wms?SERVICE=WMS&REQUEST=GetCapabilities"

Now, we want to check the http headers authentication. This should return a well formed capabilities document filled with public and protected layers:

curl -H "sec-username: CURL" -H "sec-roles: ROLE_ADMINISTRATOR" "http://private:8380/geoserver/wms?SERVICE=WMS&REQUEST=GetCapabilities"

Proxy

We change the TCP port and use the "insecure" flag. This should return the public capabilities:

curl --insecure "https://private:8443/geoserver/wms?SERVICE=WMS&REQUEST=GetCapabilities"

If it's not and the previous steps did work, your security proxy does not work.
First thing to check is the proxy mapping in your config.

Now testing the security proxy Basic Authentication.
The following command shall return the public and protected layers:

curl --insecure --user "geoserver_privileged_user:password" "https://private:8443/geoserver/wms?SERVICE=WMS&REQUEST=GetCapabilities"

Several potential issues if it's not : * the security proxy can't query the LDAP, * geoserver_privileged_user is not a valid LDAP account, * geoserver_privileged_user does not belong to the ADMINISTRATOR LDAP group, * geoserver_privileged_user's password is incorrect.

Apache

If all the above steps are OK, go to the public interface and query the WMS service using curl:

curl "http://mysdi.org/geoserver/wms?SERVICE=WMS&REQUEST=GetCapabilities"

Then...

curl --insecure --user "geoserver_privileged_user:password" "http://mysdi.org/geoserver/wms?SERVICE=WMS&REQUEST=GetCapabilities"

Finally, open QGIS and register the service with and without the privileged account.