The following topic discusses troubleshooting possible error cases and solutions.
Consent Service is unavailable
If the Consent Service is unavailable, check the following:
- Ensure that the service is enabled and that communication with the service is available.
- Confirm that the service account for the Consent Service has been properly provisioned.
- If the Consent Service resides on a PingDirectoryProxy server, make sure that the service account exists on the PingDirectoryProxy server and all PingDirectory servers behind the PingDirectoryProxy server.
Requester lacks sufficient rights to perform operation
A request might be rejected with a 403 for the following reasons:
- The bearer token does not contain a required scope. Check the
privileged-consent-scope
andunprivileged-consent-scope
properties of the Consent Service configuration. - The bearer token does not contain a required
audience
claim. Check theaudience
property of the Consent Service configuration. - Authentication was successful, but the requester is
unprivileged
and attempted to perform an operation that only aprivileged
requester can perform. For example, the requester attempted to act upon a consent record that it does not own, or it attempted to delete a consent record.
When using basic authentication, the requester must be listed in the Consent Service
configuration service-account-dn property to be considered
privileged
.
Subject and actor do not match
Only a privileged
requester can create
or
modify
a consent record whose subject and
actor values do not match.
Unindexed search
The Consent Service doesn't allow a client to make an unindexed search. In most cases, a client should be able to fix this by refining the search. For example, if a search by subject is unindexed, perform a search by subject and definition ID.
Search size limit exceeded
The Consent Service caps the maximum number of records that can be returned in a search result using its search-size-limit configuration property. This limit can be increased, or the client might be able to refine the search to produce fewer results.