I am trying to replicate the environment demoed on https://www.youtube.com/watch?v=zVdUFcEAwPU. I have oxAuth running properly on a remote CentOS server. I have obtained the ResourceServer and RequestingParty maven projects from the Gluu repository. The projects run locally on Eclipse, on a Tomcat 7 server. During the execution of the ResourceServer.. the RS is able to obtain its PAT. But when it tries to make changes to resource set using the following request, it receives a 404 error from oxAuth: 2015-04-29 16:04:15,301 DEBUG [org.apache.http.headers] >> PUT /oxauth/seam/resource/restv1/host/rsrc/resource_set/resource_set/1430337855139 HTTP/1.1 2015-04-29 16:04:15,301 DEBUG [org.apache.http.headers] >> Authorization: Bearer 1234567-1234-111-1231-12345667 2015-04-29 16:04:15,301 DEBUG [org.apache.http.headers] >> Accept: application/json 2015-04-29 16:04:15,301 DEBUG [org.apache.http.headers] >> Accept-Encoding: gzip, deflate 2015-04-29 16:04:15,301 DEBUG [org.apache.http.headers] >> Content-Length: 284 2015-04-29 16:04:15,301 DEBUG [org.apache.http.headers] >> Content-Type: application/json 2015-04-29 16:04:15,301 DEBUG [org.apache.http.headers] >> Host: myoxAuthServer.com 2015-04-29 16:04:15,301 DEBUG [org.apache.http.headers] >> Connection: Keep-Alive 2015-04-29 16:04:15,302 DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.2.2 (java 1.5) 2015-04-29 16:04:15,302 DEBUG [org.apache.http.wire] >> "{"name":"Gluu phones","icon_uri":null,"scopes":["http://localhost:8000/oxuma-rs/ws/scope/view","http://localhost:8000/oxuma-rs/ws/scope/edit","http://localhost:8000/oxuma-rs/ws/scope/add","http://localhost:8000/oxuma-rs/ws/scope/remove","http://localhost:8000/oxuma-rs/ws/scope/all"]}" 2015-04-29 16:04:15,324 DEBUG [org.apache.http.wire] << "HTTP/1.1 404 Not Found[\r][\n]" 2015-04-29 16:04:15,324 DEBUG [org.apache.http.wire] << "Date: Wed, 29 Apr 2015 19:59:48 GMT[\r][\n]" 2015-04-29 16:04:15,324 DEBUG [org.apache.http.wire] << "Content-Type: text/html;charset=utf-8[\r][\n]" 2015-04-29 16:04:15,324 DEBUG [org.apache.http.wire] << "Content-Language: en[\r][\n]" 2015-04-29 16:04:15,324 DEBUG [org.apache.http.wire] << "Content-Length: 1379[\r][\n]" 2015-04-29 16:04:15,325 DEBUG [org.apache.http.wire] << "Set-Cookie: JSESSIONID=785C29224F39EC31FFFED6B8167123456; Path=/oxauth/; Secure; HttpOnly;HttpOnly[\r][\n]" 2015-04-29 16:04:15,325 DEBUG [org.apache.http.wire] << "Connection: close[\r][\n]" 2015-04-29 16:04:15,325 DEBUG [org.apache.http.wire] << "[\r][\n]" Going through the logs I noticed that the term resource_set/ is repeated twice in the URL. Removing one of them and making the request again returns the following JSON from the oxAuth server: {"error":"invalid_client_scope","error_description":"The requested scope is invalid, unknown, or malformed."} What is wrong with this process? should there be two resource_sets/ in the URL? and Other than adding the ResourceServer to the Gluu server as a Client, do I have to add any resource sets or policies too for the above request to work? Note: At the moment I have added: 'http://docs.kantarainitiative.org/uma/scopes/prot.json' and 'uma_protection' both as the scopes of the ResourceServer client within the Gluu server.