Going through the logs some more, I spotted the first request does use the correct value to auth me, its the second request that doesn't - so maybe this will help you figure out where the potential issue is:
`2015-08-12 09:37:59,740 TRACE [org.xdi.oxauth.service.SessionIdService] Found session_id cookie: '029066fe-f176-401d-940e-babe16a2111d'
2015-08-12 09:37:59,744 TRACE [org.xdi.oxauth.service.SessionIdService] Try to get session by id: 029066fe-f176-401d-940e-babe16a2111d ...
2015-08-12 09:37:59,744 TRACE [org.xdi.oxauth.service.SessionIdService] Session dn: uniqueIdentifier=029066fe-f176-401d-940e-babe16a2111d,ou=session,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu
2015-08-12 09:37:59,745 DEBUG [org.xdi.oxauth.service.AuthenticationService] Authenticating user with LDAP: username: <email>
2015-08-12 09:37:59,745 DEBUG [org.xdi.oxauth.service.AuthenticationService] Attempting to find userDN by primary key: 'mail' and key value: '<email>'
2015-08-12 09:37:59,745 DEBUG [org.xdi.oxauth.service.AuthenticationService] Getting user information from LDAP: attributeName = 'mail', attributeValue = '<email>'
2015-08-12 09:37:59,747 DEBUG [org.xdi.oxauth.service.AuthenticationService] Found '1' entries
2015-08-12 09:37:59,749 DEBUG [org.xdi.oxauth.service.AuthenticationService] Attempting to authenticate userDN: inum=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7!0000!DF55.12BE,ou=people,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu
2015-08-12 09:37:59,750 DEBUG [org.xdi.oxauth.service.AuthenticationService] User authenticated: inum=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7!0000!DF55.12BE,ou=people,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu
2015-08-12 09:37:59,750 DEBUG [org.xdi.oxauth.service.AuthenticationService] Attempting to find userDN by local primary key: mail
2015-08-12 09:37:59,750 DEBUG [org.xdi.oxauth.service.UserService] Getting user information from LDAP: attributeName = 'mail', attributeValue = '<email>'
2015-08-12 09:37:59,752 DEBUG [org.xdi.oxauth.service.UserService] Found '1' entries
2015-08-12 09:37:59,762 TRACE [org.xdi.oxauth.service.SessionIdService] Authenticated session, id = '029066fe-f176-401d-940e-babe16a2111d', state = 'authenticated', persisted = 'true'
2015-08-12 09:37:59,763 DEBUG [org.xdi.oxauth.auth.Authenticator] Sending event to trigger user redirection: '<email>'
2015-08-12 09:37:59,763 INFO [org.xdi.oxauth.service.AuthenticationService] Attempting to redirect user. SessionUser: SessionId [dn=uniqueIdentifier=029066fe-f176-401d-940e-babe16a2111d,ou=session,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu, id=029066fe-f176-401d-940e-babe16a2111d, lastUsedAt=Wed Aug 12 09:37:59 UTC 2015, userDn=inum=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7!0000!DF55.12BE,ou=people,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu, authenticationTime=Wed Aug 12 09:37:59 UTC 2015, state=authenticated, permissionGranted=null, permissionGrantedMap=null, sessionAttributes={scope=openid profile email user_name, response_type=code id_token, nonce=nonce, redirect_uri=https://gluu.domain.com/identity/authentication/authcode, client_id=@!A88A.9736.E2EE.A6F6!0008!9051.3D44}]
2015-08-12 09:37:59,765 INFO [org.xdi.oxauth.service.AuthenticationService] Attempting to redirect user. User: org.xdi.oxauth.model.common.User@47145cc7
2015-08-12 09:37:59,765 TRACE [org.xdi.oxauth.service.AuthenticationService] Logged in successfully! User: org.xdi.oxauth.model.common.User@47145cc7, page: /authorize.xhtml, map: {response_type=code id_token, scope=openid profile email user_name, redirect_uri=https://gluu.domain.com/identity/authentication/authcode, nonce=nonce, client_id=@!A88A.9736.E2EE.A6F6!0008!9051.3D44}
2015-08-12 09:37:59,769 INFO [org.xdi.oxauth.auth.Authenticator] Authentication success for User: '<email>'
2015-08-12 09:37:59,769 TRACE [org.xdi.oxauth.auth.Authenticator] Authentication successfully for '<email>'
2015-08-12 09:38:00,135 TRACE [org.xdi.oxauth.service.SessionIdService] Found session_id cookie: '029066fe-f176-401d-940e-babe16a2111d'
2015-08-12 09:38:00,139 TRACE [org.xdi.oxauth.service.SessionIdService] Try to get session by id: 029066fe-f176-401d-940e-babe16a2111d ...
2015-08-12 09:38:00,139 TRACE [org.xdi.oxauth.service.SessionIdService] Session dn: uniqueIdentifier=029066fe-f176-401d-940e-babe16a2111d,ou=session,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu
2015-08-12 09:38:00,139 TRACE [org.xdi.oxauth.auth.Authenticator] authenticateBySessionId, sessionId = '029066fe-f176-401d-940e-babe16a2111d', session = 'SessionId [dn=uniqueIdentifier=029066fe-f176-401d-940e-babe16a2111d,ou=session,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu, id=029066fe-f176-401d-940e-babe16a2111d, lastUsedAt=Wed Aug 12 09:37:59 UTC 2015, userDn=inum=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7!0000!DF55.12BE,ou=people,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu, authenticationTime=Wed Aug 12 09:37:59 UTC 2015, state=authenticated, permissionGranted=null, permissionGrantedMap=null, sessionAttributes={scope=openid profile email user_name, response_type=code id_token, nonce=nonce, redirect_uri=https://gluu.domain.com/identity/authentication/authcode, client_id=@!A88A.9736.E2EE.A6F6!0008!9051.3D44}]', state= 'authenticated'
2015-08-12 09:38:00,150 TRACE [org.xdi.oxauth.service.SessionIdService] Try to get session by id: 029066fe-f176-401d-940e-babe16a2111d ...
2015-08-12 09:38:00,151 TRACE [org.xdi.oxauth.service.SessionIdService] Session dn: uniqueIdentifier=029066fe-f176-401d-940e-babe16a2111d,ou=session,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu
2015-08-12 09:38:00,152 TRACE [org.xdi.oxauth.service.ClientService] Get client from cache by Dn 'inum=@!A88A.9736.E2EE.A6F6!0008!9051.3D44,ou=clients,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu'
2015-08-12 09:38:00,152 DEBUG [org.xdi.oxauth.service.ClientService] Found 1 entries for client id = @!A88A.9736.E2EE.A6F6!0008!9051.3D44
2015-08-12 09:38:00,153 TRACE [org.xdi.oxauth.service.ClientService] Get client from cache by Dn 'inum=@!A88A.9736.E2EE.A6F6!0008!9051.3D44,ou=clients,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu'
2015-08-12 09:38:00,153 DEBUG [org.xdi.oxauth.service.ClientService] Found 1 entries for client id = @!A88A.9736.E2EE.A6F6!0008!9051.3D44
2015-08-12 09:38:00,153 DEBUG [org.xdi.oxauth.service.RedirectionUriService] Validating redirection URI: clientIdentifier = @!A88A.9736.E2EE.A6F6!0008!9051.3D44, redirectionUri = https://gluu.domain.com/identity/authentication/authcode, found = 3
2015-08-12 09:38:00,153 DEBUG [org.xdi.oxauth.service.RedirectionUriService] Comparing https://gluu.domain.com/identity/scim/auth == https://gluu.domain.com/identity/authentication/authcode
2015-08-12 09:38:00,153 DEBUG [org.xdi.oxauth.service.RedirectionUriService] Comparing https://gluu.domain.com/identity/authentication/authcode == https://gluu.domain.com/identity/authentication/authcode
2015-08-12 09:38:00,155 TRACE [xdi.oxauth.authorize.ws.rs.AuthorizeAction] checkPermissionGranted, user = org.xdi.oxauth.model.common.User@168e9d5d
2015-08-12 09:38:00,161 TRACE [xdi.oxauth.authorize.ws.rs.AuthorizeAction] permissionGranted, redirectTo: seam/resource/restv1/oxauth/authorize?response_type=code+id_token&scope=openid+profile+email+user_name&redirect_uri=https%3A%2F%2Fgluu.domain.com%2Fidentity%2Fauthentication%2Fauthcode&nonce=nonce&client_id=%40%21A88A.9736.E2EE.A6F6%210008%219051.3D44
2015-08-12 09:38:00,527 DEBUG [org.xdi.oxauth.service.AuthenticationService] Authenticating user with LDAP: username: andycoates
2015-08-12 09:38:00,527 DEBUG [org.xdi.oxauth.service.AuthenticationService] Attempting to find userDN by primary key: 'mail' and key value: 'andycoates'
2015-08-12 09:38:00,527 DEBUG [org.xdi.oxauth.service.AuthenticationService] Getting user information from LDAP: attributeName = 'mail', attributeValue = 'andycoates'
2015-08-12 09:38:00,529 DEBUG [org.xdi.oxauth.service.AuthenticationService] Found '0' entries
2015-08-12 09:38:00,529 INFO [org.xdi.oxauth.auth.Authenticator] Authentication failed for 'andycoates'`