Troubleshooting the Consent Service
This section provides general guidelines for troubleshooting the Consent Service and any connection issues.
When evaluating the configuration:
-
Make sure that the Consent Service is enabled.
-
Make sure that the Consent Service base distinguished name (DN) exists.
-
Make sure that the Consent Service’s service account has the correct permissions.
-
If the Consent Service should accept bearer tokens, make sure that:
-
One or more access token validators are configured correctly.
-
The identity mappers for the access token validators are configured correctly.
-
The authorization servers are configured correctly to issue tokens that the Consent Service can accept. Check the
audience
,privileged-consent-scope
, andunprivileged-consent-scope
properties of the Consent Service configuration.
-
-
If privileged users are defined, make sure that the members of the Lightweight Directory Access Protocol (LDAP) group are specified by the Consent Service configuration’s
privileged-users-group-dn
property. -
If there are applications that allow individuals to manage their own consents, make sure that the system is properly configured to map
actor
andsubject
DNs. Check the Consent Service configuration’sconsent-record-identity-mapper
property.