You can dump LDAP entry storing oxAuth's configuration and edit it manually. This particular configuration is stored in `oxAuthConfDynamic` attribute. It's actually a JSON object, which may, or may not be additionally base64-encoded (depending on version).
Back up your instance before proceeding.
First, store your LDAP root password in `/tmp/.dpw`. Then dump the entry: `# opt/opendj/bin/ldapsearch -h 127.0.0.1 -p 1636 -s sub -T -Z -X -D 'cn=directory manager' -j /tmp/.dpw -b 'o=gluu' -z 10 '(&(objectclass=oxauthconfiguration))' oxAuthConfDynamic`
If it's base64-encoded, you can append `| grep -v '^dn\:\ ' | cut -d' ' -f2 | base64 -d` to get it in cleartext.
Then edit the JSON, addign a new property:
Then build LDIF file like this:
Use DN of the configuration entry you got with the previous command. If original value of `oxAuthConfDynamic` was base64-encoded, you'll need to encode your edited JSON as well first; note that for base64-encoded string you need to put double colon after attribute name: `oxAuthConfDynamic::`
If it wasn't base64-encoded, you'll need to put it in cleartext - but first turn it into a one-liner kind of JSON object (remvoe all newlines from it). Use a single colon in such case: `oxAuthConfDynamic:`
To apply the LDIF use this: `# /opt/opendj/bin/ldapmodify -h 127.0.0.1 -p 1636 -Z -X -D 'cn=directory manager' -j /tmp/.dpw -f YOUR_LDIF.ldif`