diff --git a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/ClaimMappingAdminController.java b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/ClaimMappingAdminController.java
index 0ac0f318..a6e6f191 100644
--- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/ClaimMappingAdminController.java
+++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/ClaimMappingAdminController.java
@@ -2,6 +2,7 @@ package com.cameleer3.server.app.controller;
 
 import com.cameleer3.server.core.rbac.ClaimMappingRepository;
 import com.cameleer3.server.core.rbac.ClaimMappingRule;
+import com.cameleer3.server.core.rbac.ClaimMappingService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.http.ResponseEntity;
@@ -10,6 +11,7 @@ import org.springframework.web.bind.annotation.*;
 
 import java.net.URI;
 import java.util.List;
+import java.util.Map;
 import java.util.UUID;
 
 @RestController
@@ -19,9 +21,12 @@ import java.util.UUID;
 public class ClaimMappingAdminController {
 
     private final ClaimMappingRepository repository;
+    private final ClaimMappingService claimMappingService;
 
-    public ClaimMappingAdminController(ClaimMappingRepository repository) {
+    public ClaimMappingAdminController(ClaimMappingRepository repository,
+                                       ClaimMappingService claimMappingService) {
         this.repository = repository;
+        this.claimMappingService = claimMappingService;
     }
 
     @GetMapping
@@ -74,4 +79,38 @@ public class ClaimMappingAdminController {
         repository.delete(id);
         return ResponseEntity.noContent().build();
     }
+
+    record MatchedRuleResponse(UUID ruleId, int priority, String claim, String matchType,
+                               String matchValue, String action, String target) {}
+
+    record TestResponse(List<MatchedRuleResponse> matchedRules, List<String> effectiveRoles,
+                        List<String> effectiveGroups, boolean fallback) {}
+
+    @PostMapping("/test")
+    @Operation(summary = "Test claim mapping rules against a set of claims")
+    public TestResponse test(@RequestBody Map<String, Object> claims) {
+        List<ClaimMappingRule> rules = repository.findAll();
+        List<ClaimMappingService.MappingResult> results = claimMappingService.evaluate(rules, claims);
+
+        List<MatchedRuleResponse> matched = results.stream()
+                .map(r -> new MatchedRuleResponse(
+                        r.rule().id(), r.rule().priority(), r.rule().claim(),
+                        r.rule().matchType(), r.rule().matchValue(),
+                        r.rule().action(), r.rule().target()))
+                .toList();
+
+        List<String> effectiveRoles = results.stream()
+                .filter(r -> "assignRole".equals(r.rule().action()))
+                .map(r -> r.rule().target())
+                .distinct()
+                .toList();
+
+        List<String> effectiveGroups = results.stream()
+                .filter(r -> "addToGroup".equals(r.rule().action()))
+                .map(r -> r.rule().target())
+                .distinct()
+                .toList();
+
+        return new TestResponse(matched, effectiveRoles, effectiveGroups, results.isEmpty());
+    }
 }