After upgrading from 4.5.6 to users receive a 400 bad request after their session is expired and they re-authenticate.
I did these tests only with the IDMProv application (landing doesn't seem to be affected):

User logs in --> ok
Session expires after 20 mins --> user clicks somewhere in the interface --> user is redirected to osp login page
User logs in again --> User receives a white page on IDMPROV/oauth?code=xxxx.. with a 400 bad request http code

In the log file you see:
2017-10-30 16:10:10,194 [http-bio-] ERROR com.netiq.idm.auth.oauth.OAuthServlet- [RBPM] OAuth server login failed. Error code returned was null.

When you receive the 400 bad request error you can refresh the page nothing happens.
However, if you go back to the main page eg /IDMProv login works again.

Version 4.5.6 is not affected by this problem.

Does somebody seen a similar behavior?

Kind regards,