By: ciaran jessup user 15 Dec 2015 at 5:27 a.m. CST

10 Responses
Hi. I'm attempting to federate an instance of [ThinkTecture.IdentityServer3](https://github.com/IdentityServer/IdentityServer3); however, the JWT tokens that GLUU is passing back to my RP appear to have an incorrect 'typ' parameter specified in their header parts (it is 'JWS', not the 'JWT' that is expected). Reading the specification it seems that one should be able to do this; however, the commonly used Microsoft library System.IdentityModel.Tokens.JwtSecurityToken will throw an error when attempting to decode a token with this header form (`IDX10702: Jwt header type specified, must be 'JWT' or 'http://openid.net/specs/jwt/1.0'. Type received: 'JWS'.'`). Reading through the example documentation [here](http://ox.gluu.org/doku.php?id=oxauth:jwt), the examples have the expected header typ of 'JWT'.

**Is there a way to configure this behaviour in gluu?**
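
Added example, not part of the original post and not code from Gluu or the Microsoft library: a Python check that reads a compact token's header without verifying the signature and reports whether its `typ` is one of the two values named in the IDX10702 message. The sample tokens are constructed, and `make_token`, `classify_typ`, the exact-match comparison and the handling of a missing `typ` are assumptions.

```python
import base64
import json

# The two values named in the IDX10702 message quoted in the post above.
ACCEPTED_TYP = ("JWT", "http://openid.net/specs/jwt/1.0")


def b64url_decode(segment):
    """Decode an unpadded base64url segment of a compact JWS/JWT."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_token(header, claims):
    """Build a constructed sample token; the signature segment is a dummy."""
    parts = [b64url_encode(json.dumps(p).encode()) for p in (header, claims)]
    return ".".join(parts + [b64url_encode(b"constructed-not-a-signature")])


def classify_typ(token):
    """Return (verdict, typ) for the token header; no signature check is done."""
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("expected 3 segments, got %d" % len(segments))
    header = json.loads(b64url_decode(segments[0]))
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    typ = header.get("typ")
    if typ is None:
        # Assumption: the message says "type specified", so an absent typ passes.
        return "absent", None
    # Assumption: exact, case-sensitive comparison against the two values.
    return ("accepted" if typ in ACCEPTED_TYP else "rejected"), typ


if __name__ == "__main__":
    claims = {"iss": "https://idp.example", "sub": "constructed"}
    for hdr in ({"typ": "JWS", "alg": "RS256"}, {"typ": "JWT", "alg": "RS256"},
                {"alg": "RS256"}):
        print(classify_typ(make_token(hdr, claims)))
```

Running it against a token captured at the RP shows which `typ` the provider actually emitted before the token reaches the validating library.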

By Michael Schwartz Account Admin 15 Dec 2015 at 12:36 p.m. CST

We're looking into this question. One thing I'd like to point out is that that wiki page you are referencing is very old: from 2012. Can you paste in the client configuration ldif? For example:

```
# /opt/opendj/bin/ldapsearch -h localhost -p 1389 -D "cn=directory manager" -j ~/.pw -b "o=gluu" -s base 'inum=<client-id>'
```

Replace `<client-id>` with your client id, and write the password (temporarily) to ~/.pw (same as admin password). Don't forget the single quotes for the filter, otherwise bash will get messed up by the !.

By ciaran jessup user 15 Dec 2015 at 1:44 p.m. CST

Hmm, I executed the following command:

```
GLUU.root@numero-gluu:~# /opt/opendj/bin/ldapsearch -h localhost -p 1389 -D "cn=directory manager" -j ~/.pw -b "o=gluu" -s base 'inum=@!EF13.7A01.1BA5.250A!0001!80EA.221C!0008!787A.F7B8'
```

And got nothing in response. (I deliberately corrupted the ~/.pw file and got an 'Invalid Credentials' response, so I think that part is ok. I cut'n'pasted the inum from the web interface so I'm confident that value is correct.)

By Michael Schwartz Account Admin 15 Dec 2015 at 1:45 p.m. CST

I'm sorry, my mistake. Take out the "-s base"...

By ciaran jessup user 15 Dec 2015 at 1:48 p.m. CST

```
dn: inum=@!EF13.7A01.1BA5.250A!0001!80EA.221C!0008!787A.F7B8,ou=clients,o=@!EF13
 .7A01.1BA5.250A!0001!80EA.221C,o=gluu
oxAuthScope: inum=@!EF13.7A01.1BA5.250A!0001!80EA.221C!0009!764C,ou=scopes,o=@!E
 F13.7A01.1BA5.250A!0001!80EA.221C,o=gluu
oxAuthScope: inum=@!EF13.7A01.1BA5.250A!0001!80EA.221C!0009!43F1,ou=scopes,o=@!E
 F13.7A01.1BA5.250A!0001!80EA.221C,o=gluu
oxAuthScope: inum=@!EF13.7A01.1BA5.250A!0001!80EA.221C!0009!F0C4,ou=scopes,o=@!E
 F13.7A01.1BA5.250A!0001!80EA.221C,o=gluu
oxPersistClientAuthorizations: true
oxAuthAppType: web
oxLastAccessTime: 20151215172651.210Z
oxAuthResponseType: code
oxAuthResponseType: id_token
oxAuthClientSecret: pYcTYmromwzigWlD/QdO3sa/hrLAKVof
oxAuthPostLogoutRedirectURI: https://saserver1/vouch/core/gluucb
objectClass: oxAuthClient
objectClass: top
oxAuthTokenEndpointAuthMethod: client_secret_jwt
oxAuthRedirectURI: https://saserver1/vouch/core/gluucb
oxAuthTrustedClient: false
oxAuthIdTokenSignedResponseAlg: RS256
displayName: cj
inum: @!EF13.7A01.1BA5.250A!0001!80EA.221C!0008!787A.F7B8
```

By Michael Schwartz Account Admin 15 Dec 2015 at 1:49 p.m. CST

ok, that's helpful. Now I'll push this to the developers to take a look at.

By ciaran jessup user 15 Dec 2015 at 1:56 p.m. CST

No problem, thanks for taking a look :)

By Javier Rojas staff 17 Dec 2015 at 10:57 a.m. CST

The bug is fixed now. The fix will be included in v2.4.1, ETA Wednesday 12/23. https://github.com/GluuFederation/oxAuth/issues/109

By William Lowe user 17 Dec 2015 at 11:38 a.m. CST

As Javier mentioned, the bug has been fixed. We're going to include it in the next update, 2.4.1. ETA for that release is Wednesday 12/23. I'll update this ticket when 2.4.1 has been pushed.

By Brian Shimek user 07 Jan 2016 at 5:54 p.m. CST

Hi, I'm seeing this issue in an ASP.net 5 MVC6 app. I see the 2.4.1.final.war files posted; should I follow a manual procedure to update from CE 2.4.0 or should I wait?

By Michael Schwartz Account Admin 07 Jan 2016 at 6:07 p.m. CST

We're about to release 2.4.1, hopefully by Monday. This will have an update script you can run which will update the schema, install and expand the war files, and move any customizations. It's probably better to just wait at this point...