As a profile of OAuth 2.0 that is complementary to OpenID Connect, UMA defines RESTful, JSON-based, standardized flows and constructs for coordinating the protection of any API or web resource.
The Gluu Server acts as a UMA authorization server (AS) and provides an interface for scripting your organization’s unique policies for access management.
How it works:
Deploy a Gluu Server or OX.
Protect your app with UMA RS code, like mod_ox.
Define Scopes in oxTrust.
Create and associate resource sets with scopes.
Create and associate policies with scopes.
Enterprise Web Access Management
Controlling who can get to what websites has been an important objective for organizations for more than a decade. Previous WAM solutions were based on proprietary software and processes.
Stepped Up Authentication
Certain parts of a website might require stronger authentication. UMA gives organizations the ability to define a minimum type of authentication that’s needed to access a certain website or even a part of the website.
API Access Management
OAuth 2 requires companies to issue client IDs and passwords to partners. UMA enables organizations to define which clients can access which APIs or even which functions within an API.
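The association of resource sets with scopes, and of policies with scopes, can be modeled in a few lines of Python. This is an added example, not Gluu's policy scripting interface or code from the original page; the scope names, paths, client IDs and authentication levels are constructed, and it covers only the grant decision, not the UMA token exchange.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    client_id: str   # OAuth client making the call
    acr_level: int   # strength of the user's authentication (constructed scale)
    method: str
    path: str        # assumed already normalized by the resource server

# Policies are plain predicates here; each one is associated with a scope.
def min_acr(level):
    return lambda req: req.acr_level >= level

def allowed_clients(*client_ids):
    return lambda req: req.client_id in client_ids

# Constructed sample data: scope -> policies that must all grant.
POLICIES = {
    "site.view":    [min_acr(1)],
    "payroll.view": [min_acr(2)],                        # stepped-up authentication
    "orders.read":  [allowed_clients("partner-a", "partner-b")],
    "orders.write": [allowed_clients("partner-a")],      # per-function API access
}

# Constructed sample data: resource set -> (path prefix, HTTP method -> scope).
RESOURCE_SETS = {
    "site":       ("/",           {"GET": "site.view"}),
    "payroll":    ("/hr/payroll", {"GET": "payroll.view"}),
    "orders-api": ("/api/orders", {"GET": "orders.read", "POST": "orders.write"}),
}

def _covers(prefix, path):
    # Match on whole path segments so "/hr/payrollx" is not treated as payroll.
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

def authorize(req):
    """Return (granted, scope). Anything not explicitly mapped is denied."""
    hits = [(p, m) for p, m in RESOURCE_SETS.values() if _covers(p, req.path)]
    if not hits:
        return False, None
    _, scopes_by_method = max(hits, key=lambda h: len(h[0]))  # most specific set
    scope = scopes_by_method.get(req.method)
    policies = POLICIES.get(scope, [])
    if scope is None or not policies:   # unmapped method or policy-less scope
        return False, scope
    return all(policy(req) for policy in policies), scope
```

The most specific resource set decides, so a method it does not map is denied instead of falling back to the site-wide set.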