Tailing oxauth log will give us the reason of this behavior.

Get something like this: ``` 2016-01-25 13:33:24,434 ERROR [xdi.oxauth.authorize.ws.rs.AuthorizeAction] There is already existing session which has another acr then basic, session: xxx-xxx-xxx-xxx 2016-01-25 13:33:24,434 ERROR [xdi.oxauth.authorize.ws.rs.AuthorizeAction] Please perform logout in order to be able login with new ACR value. 2016-01-25 13:33:24,434 TRACE [xdi.oxauth.authorize.ws.rs.AuthorizeAction] permissionDenied 2016-01-25 13:33:24,434 DEBUG [org.xdi.oxauth.model.error.ErrorResponseFactory] Looking for the error with id: access_denied 2016-01-25 13:33:24,434 DEBUG [org.xdi.oxauth.model.error.ErrorResponseFactory] Found error, id: access_denied ```

Are you using a custom authentication script? If so which one? Also, what client are you using?

Found out that the ubuntu package upgrade is faulty. Not all components were upgraded to 2.4.1-1 with an apt-get upgrade. Anyway, this issue is absent in a 2.4.1-1 I booted from scratch