By: Andreas Elstner user 17 Dec 2018 at 4:04 a.m. CST

Hello guys,

after updating Gluu 3.1.2 to 3.1.4 I get the following error when requesting the IDP login page from a SAML client:

```
{"error":"invalid_request_redirect_uri","error_description":"The redirect_uri in the Authorization Request does not match any of the Client's pre-registered redirect_uris.","state":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"}
```

I checked the following logs:

- idp-war.log
- idp-process.log
- idp-audit.log

They are all empty ...

I also checked the following files for errors:

- idp.properties
- ldap.properties
- metadata-providers.xml
- relying-party.xml

But all looks fine. Nothing has been changed at the Trust Relationships...

Does anyone have an idea what the problem could be?

Thank you!

By Aliaksandr Samuseu staff 17 Dec 2018 at 2:45 p.m. CST

Hi, Andreas. Please provide a link to the doc page you followed when you were upgrading your instance.

By Andreas Elstner user 18 Dec 2018 at 3:38 a.m. CST

Hello Aliaksandr,

I followed this doc page when I upgraded the instance: https://gluu.org/docs/ce/3.1.4/upgrade/

The part "Upgrade from 3.1.x to 3.1.4", steps 1 to 5.

By Aliaksandr Samuseu staff 20 Dec 2018 at 9:51 a.m. CST

Hi, Andreas.

It turns out there was a bug in the script, which was fixed later, according to its author. So you could try to conduct the upgrade again from scratch, or resort to manual editing. There is an internal doc the developer provided for the latter:

`IDP Client` is an important oxAuth client to make Shibboleth work in Gluu Server 3.1.4. After upgrade, you might find it misconfigured. This doc shows how we can re-configure / re-construct `IDP Client` in 3.1.4.

- Find the "IDP Client" client registration entry on the "OpenID Connect -> Clients" page
- Assign an `inum` to it:
  - First we need to assign a custom inum for this oxAuth client.
  - There is no hard rule for constructing the inum for this entry, but make sure the first seven parts match those of the other clients and that it goes with your own appliance identification number. `@!18B2.0B8D.E469.44F9!0001!B391.7220!0008!...`
  - It's better to use the ldapmodify command in combination with an ldif to make this modification.
- Modify the configuration in the `oxIDP` ldap entry
  - We need to reconfigure a couple of entries in the `oxConfApplication` attribute, which is under the `ou=oxidp,ou=configuration,inum=@xxx.xxx.xxx,ou=appliances,o=gluu` DN
    - `openIdClientPassword`: make sure this base64 encoded password is in sync with the password which is included in the `IDP Client` client entry.
    - `openIdRedirectUrl`: The correct value for this attribute will be `https://[hostname]/idp/Authn/oxAuth`
    - `openIdClientId`: This is the `inum` (the new inum which you just created for `IDP Client`) of `IDP Client`
- Restart the `idp` service.

By Andreas Elstner user 10 Jan 2019 at 2:23 a.m. CST

Thank you for the answer. The problem was the "openIdRedirectUrl". After changing it manually in LDAP it worked out fine.
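
A consistency check for the three `oxConfApplication` values named in the thread, as an added example that is not part of the original posts or Gluu's own tooling. It assumes the `oxConfApplication` JSON, the `IDP Client` inum and the client's registered redirect URIs have already been exported from LDAP; the function name, hostname, inum and sample JSON are constructed for illustration.

```python
import json

EXPECTED_PATH = "/idp/Authn/oxAuth"  # redirect path given in the thread
REQUIRED_KEYS = ("openIdClientId", "openIdClientPassword", "openIdRedirectUrl")

# Constructed sample values (assumptions, not taken from a real appliance).
HOSTNAME = "idp.example.org"
CLIENT_INUM = "@!AAAA.BBBB.CCCC.DDDD!0001!EEEE.FFFF!0008!1111.2222"
REGISTERED_URIS = ["https://idp.example.org/idp/Authn/oxAuth"]
GOOD_CONF = json.dumps({
    "openIdClientId": CLIENT_INUM,
    "openIdClientPassword": "PLACEHOLDER_BASE64_VALUE",
    "openIdRedirectUrl": "https://idp.example.org/idp/Authn/oxAuth",
})
# Same entry with a redirect URL that does not point at this host.
BAD_CONF = json.dumps({
    "openIdClientId": CLIENT_INUM,
    "openIdClientPassword": "PLACEHOLDER_BASE64_VALUE",
    "openIdRedirectUrl": "https://localhost/idp/Authn/oxAuth",
})


def check_idp_client_config(ox_conf_application, hostname, client_inum, registered_uris):
    """Return a list of findings; an empty list means the values are consistent."""
    conf = json.loads(ox_conf_application)
    findings = [f"{key}: missing or empty" for key in REQUIRED_KEYS if not conf.get(key)]

    redirect = conf.get("openIdRedirectUrl")
    expected = f"https://{hostname}{EXPECTED_PATH}"
    if redirect and redirect != expected:
        findings.append(f"openIdRedirectUrl: {redirect!r} != expected {expected!r}")
    # OpenID Connect compares redirect URIs by exact string match, so a
    # different host, scheme or trailing slash is enough to be rejected.
    if redirect and redirect not in registered_uris:
        findings.append("openIdRedirectUrl: not among the client's registered redirect URIs")

    client_id = conf.get("openIdClientId")
    if client_id and client_id != client_inum:
        findings.append("openIdClientId: does not match the inum of IDP Client")
    return findings


if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(name, check_idp_client_config(conf, HOSTNAME, CLIENT_INUM, REGISTERED_URIS))
```
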