Page created: 6 Nov 2019 | Page updated: 25 Mar 2020
The Consent Service checks access tokens for a subject claim and uses an identity mapper to map the value to a DN, called the request DN or auth DN. If no request DN can be mapped, the request is rejected. In addition, the Consent Service will only accept an access token with a scope that it is configured to recognize.
- An unprivileged consent scope designates the requester as unprivileged. The scope's name is configured with the Consent Service's unprivileged-consent-scope property.
- A privileged consent scope designates the requester as privileged. This is configured using the Consent Service's privileged-consent-scope property.
The authorization server must also be configured to issue tokens with these scopes.
The following example configures these scopes for the Consent
$ bin/dsconfig set-consent-service-prop \
  --set unprivileged-consent-scope:consent \
  --set privileged-consent-scope:consent_admin
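The following Python sketch is an added example, not code from the Consent Service. It models the acceptance checks described above so that a rejected request can be traced to a missing subject, an unmapped subject, or an unrecognized scope. It assumes the token's signature and expiry were already validated. The `evaluate_token` function, the `Decision` type, and the sample mapping table are hypothetical; the scope names come from the dsconfig example.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Scope names taken from the dsconfig example on this page.
UNPRIVILEGED_SCOPE = "consent"
PRIVILEGED_SCOPE = "consent_admin"

# Constructed sample data standing in for an identity mapper (subject -> DN).
SAMPLE_MAPPINGS = {"jdoe": "uid=jdoe,ou=people,dc=example,dc=com"}


@dataclass
class Decision:
    accepted: bool
    request_dn: Optional[str]
    privileged: bool
    reason: str


def evaluate_token(claims: dict,
                   mapper: Callable[[str], Optional[str]] = SAMPLE_MAPPINGS.get) -> Decision:
    """Model the checks applied to an already-validated token's claims."""
    subject = claims.get("sub")
    if not isinstance(subject, str) or not subject:
        return Decision(False, None, False, "no subject claim")

    request_dn = mapper(subject)
    if request_dn is None:
        return Decision(False, None, False, "subject does not map to a DN")

    # Scopes may arrive as a space-delimited string or as a list. Compare whole
    # scope names so "consent_administrator" never matches "consent".
    raw = claims.get("scope") or ""
    scopes = set(raw.split()) if isinstance(raw, str) else set(raw)

    # Assumption (not stated on the page): with both scopes present, the
    # requester is treated as privileged.
    if PRIVILEGED_SCOPE in scopes:
        return Decision(True, request_dn, True, "privileged consent scope")
    if UNPRIVILEGED_SCOPE in scopes:
        return Decision(True, request_dn, False, "unprivileged consent scope")
    return Decision(False, request_dn, False, "no recognized consent scope")
```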