There are a few symptoms of this:
1. When calling the end_session service when there are multiple clients in a session, validation of the `post_logout_redirect_uri` fails for all but one of them
2. If `post_logout_redirect_uri` validation succeeds for the lucky client, the other clients don't receive their front-channel logout.
Cutting to the chase, it looks like the issue was introduced with [this commit](https://github.com/GluuFederation/oxOrm/commit/557355a7b592b63c9a1ff48839009127e96d1479).
With this change, `org.gluu.oxauth.model.registration.Client` now inherits the `hashCode()` and `equals()` methods from `org.gluu.persist.model.base.Entry`.
This is a problem because `org.gluu.oxauth.model.registration.Client` overrides the `dn` property of `Entry`, such that `hashCode()` and `equals()` are now being computed based on `Entry`'s dn, which is `null`.
This causes "very bad things" to happen with collections of `Client`s, for example: [here](https://github.com/GluuFederation/oxAuth/blob/9523eb2ed86d46d69cb39d3c79262444d0ab3157/Server/src/main/java/org/gluu/oxauth/service/ClientService.java#L109-L127) where only the first client ever gets added to the resulting `Set` since all instances of `Client` have the same hashCode and are equals() to each other.