The following are general guidelines for troubleshooting the Consent Service and any connection issues. When evaluating the configuration, make sure these issues are addressed first:

  • Is the Consent Service enabled?
  • Does the Consent Service base DN exist?
  • Does the Consent Service's service account have the correct permissions?
  • If the Consent Service should accept bearer tokens:
    • Are one or more Access Token Validators correctly configured?
    • Are the identity mappers for the Access Token Validators configured correctly?
    • Are the authorization servers correctly configured to issue tokens that the Consent Service will accept? Check the audience, privileged-consent-scope, and unprivileged-consent-scope properties of the Consent Service configuration.
  • If privileged users are defined, are the members of the LDAP group specified by the Consent Service configuration's privileged-users-group-dn property?
  • If there are applications that allow individuals to manage their own consents, is the system properly configured to map actor and subject DNs? Check the Consent Service configuration's consent-record-identity-mapper property.