This section provides general guidelines for troubleshooting the Consent Service and any connection issues.
When evaluating the configuration:
- Make sure that the Consent Service is enabled.
- Make sure that the Consent Service base distinguished name (DN) exists.
- Make sure that the Consent Service's service account has the correct permissions.
- If the Consent Service should accept bearer tokens, make sure that:
- One or more access token validators are configured correctly.
- The identity mappers for the access token validators are configured correctly.
- The authorization servers are configured correctly to issue tokens that the
Consent Service can accept. Check the
audience
,privileged-consent-scope
, andunprivileged-consent-scope
properties of the Consent Service configuration.
- If privileged users are defined, make sure that the members of the LDAP group are specified by the Consent Service configuration's
privileged-users-group-dn
property. - If there are applications that allow individuals to manage their own consents, make
sure that the system is properly configured to map
actor
andsubject
DNs. Check the Consent Service configuration'sconsent-record-identity-mapper
property.