## Expected behavior All logins are successful. ## Actual behavior If two login attempts occurred during some milliseconds (up to several hundred milliseconds) than only the first login attempt succeed and the following attempts fail with INTERNAL SERVER ERROR 500. In the oxauth.log there are several entries about: g.gluu.oxauth.model.common.AuthorizationGrant] (AuthorizationGrant.java:181) - Failed to persist entry: [...] with cause by: Caused by: org.gluu.persist.exception.operation.DuplicateEntryException: Entry already exists at org.gluu.persist.ldap.operation.impl.LdapOperationsServiceImpl.addEntryImpl(LdapOperationsServiceImpl.java:726) - If the time between two login attempts is longer than about 1 second, than all logins are successful. - If we use different credentials than everything is OK. ## Minimized example See mini bash script that do some logins in a row with same credentials ``` #!/bin/bash # Need to set all three constants to proper values export TOKEN_ISSUER_URL=https://example.com/oxauth/restv1/token export CLIENT_ID=Hidden-Client-Id export CLIENT_SECRET=My-Client-Secret loginAttempt() { runCount="$1" response=$( curl --fail --silent --show-error -X POST "${TOKEN_ISSUER_URL}" -u "${CLIENT_ID}:${CLIENT_SECRET}" -d "grant_type=client_credentials&scope=openid" ) if [[ $? -ne 0 ]]; then echo "Login failed for ${runCount}. attempt." else echo "Login succeed for ${runCount}. attempt." fi # with an additional sleep 1sec all login attempts are OK. # sleep 1 } for i in {1..10} ; do loginAttempt $i done ``` The log file is at pastebin: [LogFile](https://pastebin.com/ifUHG6Qh)