Configuring Consent Service scopes
Configure the privileged-consent-scope and unprivileged-consent-scope for the Consent Service.
About this task
The Consent Service checks access tokens for a subject claim and uses an identity mapper to map the value to a distinguished name (DN), called the request DN or auth DN. If no request DN can be mapped, the request is rejected.
The Consent Service only accepts an access token with a scope that it is configured to recognize.
unprivileged-consent-scope
    An unprivileged consent scope designates the requester as unprivileged. The scope’s name is configured with the Consent Service’s unprivileged-consent-scope property.
privileged-consent-scope
    A privileged consent scope designates the requester as privileged. This is configured using the Consent Service’s privileged-consent-scope property.
The authorization server must also be configured to issue tokens with these scopes.
Steps
- Configure the privileged-consent-scope and unprivileged-consent-scope for the Consent Service.
Example:
$ bin/dsconfig set-consent-service-prop \
    --set unprivileged-consent-scope:consent \
    --set privileged-consent-scope:consent_admin
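A pre-flight check for tokens from the authorization server, as an added example (not code from the product or its vendor): it reports whether a token carries a subject claim and which of the two scopes configured above it contains, matching scope names exactly so that consent_admin is never mistaken for consent. It assumes the access token is a JWT with `sub` and `scope` claims, does not verify the signature, and does not model the identity mapper's DN lookup; the function names and sample tokens are constructed for illustration.

```python
import base64
import json

# Scope names taken from the dsconfig example on this page.
UNPRIVILEGED_SCOPE = "consent"
PRIVILEGED_SCOPE = "consent_admin"


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def precheck(claims, subject_claim="sub"):
    """Return (ok, designations, problems) for decoded access token claims."""
    problems = []
    subject = claims.get(subject_claim)
    if not isinstance(subject, str) or not subject:
        problems.append(f"missing {subject_claim!r} claim: no request DN can be mapped")
    raw = claims.get("scope", "")
    # Usually a space-delimited string; some servers emit a JSON array instead.
    scopes = set(raw.split()) if isinstance(raw, str) else set(raw)
    designations = []
    if PRIVILEGED_SCOPE in scopes:      # whole-name match, never a substring test
        designations.append("privileged")
    if UNPRIVILEGED_SCOPE in scopes:
        designations.append("unprivileged")
    if not designations:
        problems.append("no scope the Consent Service is configured to recognize")
    return (not problems, designations, problems)


def make_sample_token(claims):
    """Build an unsigned JWT from constructed claims for the demonstration."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    for sample in ({"sub": "user.0", "scope": "openid consent"},   # constructed
                   {"sub": "admin.0", "scope": "consent_admin"},
                   {"sub": "user.1", "scope": "openid email"},
                   {"scope": "consent"}):
        print(precheck(jwt_claims(make_sample_token(sample))))
```

A token that reports both designations is flagged as such rather than resolved, because the page does not state which one the Consent Service applies in that case.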