By: Is An user 09 Aug 2017 at 11:54 p.m. CDT

3 Responses
Is An gravatar
Hi! I would like to protect my public APIs using UMA. I have followed your(http://gluu.org/docs/ce/3.0.1/admin-guide/uma/) document and done with the setting it up.now i want know how should i test this to check weather my configuration is correct or not.

By Aliaksandr Samuseu staff 10 Aug 2017 at 9:30 a.m. CDT

Aliaksandr Samuseu gravatar
Hi, Is An. Not really sure what exactly you need help with. To test it you could protect your application with UMA first, then see whether it works as expected (according to UMA specs). Our paid oxd server product is [UMA-enabled](https://gluu.org/docs/oxd/protocol/#uma-authorization), so it's one option. There are other products and libraries adding support for UMA to your app/api too. That's not really directly related to Gluu itself, and we limit our support for 3rd-party software.

By Is An user 11 Aug 2017 at 6:37 a.m. CDT

Is An gravatar
Thanks a lot. But i want to know after configuring resource server and resource party how do i test those to check its working properly. As a example You have given that in openid --> client Pasport Resource Server Client and Passport Requesting Party Client and set those uma authorization. I want to know how i test those. Thanks.

By Aliaksandr Samuseu staff 11 Aug 2017 at 11:11 a.m. CDT

Aliaksandr Samuseu gravatar
We have a page on UMA [here](https://gluu.org/docs/ce/3.0.2/admin-guide/uma/), it also have reference to the actual spec document. We don't have any showcases at the moment, so it's expected you'll get familiar with how protocol works, that will also give you idea of what needs to be tested. The test is actually pretty simple - it needs to prevent your access to protected resource unless you include token with required scopes attached to it in request. If it does, then it works. How to conduct this test is up to users, and is not covered by community support. Any way of intercepting and viewing HTTP requests and responses will do.