When evaluating the configuration:

  • Make sure that the Consent Service is enabled.
  • Make sure that the Consent Service base distinguished name (DN) exists.
  • Make sure that the Consent Service's service account has the correct permissions.
  • If the Consent Service should accept bearer tokens, make sure that:
    • One or more access token validators are configured correctly.
    • The identity mappers for the access token validators are configured correctly.
    • The authorization servers are configured correctly to issue tokens that the Consent Service can accept. Check the audience, privileged-consent-scope, and unprivileged-consent-scope properties of the Consent Service configuration.
  • If privileged users are defined, make sure that the members of the LDAP group are specified by the Consent Service configuration's privileged-users-group-dn property.
  • If there are applications that allow individuals to manage their own consents, make sure that the system is properly configured to map actor and subject DNs. Check the Consent Service configuration's consent-record-identity-mapper property.
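
For the authorization server check above, it helps to compare what a token actually contains with the configured audience, privileged-consent-scope, and unprivileged-consent-scope values. The following is an added example, not code from the product or its documentation. It assumes JWT-formatted access tokens that carry the audience in `aud` and scopes in `scope` (space-delimited) or `scp` (list). The function names, sample token, and configuration values are constructed placeholders, and the script does not reproduce how the Consent Service itself evaluates a token.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload for inspection. No signature check: diagnostics only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(claims, audience, privileged_scope, unprivileged_scope):
    """Compare token claims with the configured values.

    Returns (level, problems): level is "privileged", "unprivileged" or None.
    """
    problems = []
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else list(aud)
    if audience and audience not in aud:
        problems.append(f"aud {aud} lacks configured audience {audience!r}")
    scope = claims.get("scope", claims.get("scp", ""))
    scopes = set(scope.split() if isinstance(scope, str) else scope)
    if privileged_scope in scopes:
        level = "privileged"
    elif unprivileged_scope in scopes:
        level = "unprivileged"
    else:
        level = None
        problems.append(f"scopes {sorted(scopes)} contain neither consent scope")
    return (None if problems else level), problems

def _segment(obj):
    """Encode one JWT segment as unpadded base64url JSON (sample data only)."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample token (unsigned) and placeholder configuration values.
SAMPLE_TOKEN = ".".join([
    _segment({"alg": "none"}),
    _segment({"sub": "user.0", "aud": "https://consent.example.com",
              "scope": "openid consent"}),
    "",
])
CONFIG = {"audience": "https://consent.example.com",
          "privileged_scope": "consent_admin",
          "unprivileged_scope": "consent"}

if __name__ == "__main__":
    print(check_token(jwt_claims(SAMPLE_TOKEN), **CONFIG))
```

A result of `None` with a non-empty problem list points at the authorization server's token contents or at the Consent Service property that does not match them.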