diff --git a/pom.xml b/pom.xml
index 7967e575491fd1906caba9ac6f2ea75a76912a02..95e873cb8049c049c864a44fe28631205f485956 100644
--- a/pom.xml
+++ b/pom.xml
@@ -257,7 +257,7 @@
 		<dependency>
 			<groupId>org.pac4j</groupId>
 			<artifactId>pac4j-oauth</artifactId>
-			<version>2.3.1</version>
+			<version>3.4.0</version>
 		</dependency>
 		<dependency>
 			<groupId>com.corundumstudio.socketio</groupId>
diff --git a/src/main/java/de/thm/arsnova/security/pac4j/OauthCallbackFilter.java b/src/main/java/de/thm/arsnova/security/pac4j/OauthCallbackFilter.java
index 1b6023f39fa734b15ebb5c5015eaab38ea7069da..49d3a03b4556b07d9b1bf5f195cdea780f3f7c14 100644
--- a/src/main/java/de/thm/arsnova/security/pac4j/OauthCallbackFilter.java
+++ b/src/main/java/de/thm/arsnova/security/pac4j/OauthCallbackFilter.java
@@ -20,6 +20,8 @@ package de.thm.arsnova.security.pac4j;
 import org.pac4j.core.client.Client;
 import org.pac4j.core.client.Clients;
 import org.pac4j.core.client.IndirectClient;
+import org.pac4j.core.client.finder.ClientFinder;
+import org.pac4j.core.client.finder.DefaultCallbackClientFinder;
 import org.pac4j.core.config.Config;
 import org.pac4j.core.context.J2EContext;
 import org.pac4j.core.credentials.Credentials;
@@ -38,6 +40,7 @@ import org.springframework.stereotype.Component;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.Collections;
+import java.util.List;
 
 /**
  * Handles callback requests by login redirects from OAuth providers.
@@ -47,6 +50,7 @@ import java.util.Collections;
 @Component
 public class OauthCallbackFilter extends AbstractAuthenticationProcessingFilter {
 	private static final Logger logger = LoggerFactory.getLogger(OauthCallbackFilter.class);
+	private final ClientFinder clientFinder = new DefaultCallbackClientFinder();
 	private Config config;
 
 	public OauthCallbackFilter(Config pac4jConfig) {
@@ -58,24 +62,30 @@ public class OauthCallbackFilter extends AbstractAuthenticationProcessingFilter
 	public Authentication attemptAuthentication(
 			final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse)
 			throws AuthenticationException {
-		CommonProfile profile = retrieveProfile(new J2EContext(httpServletRequest, httpServletResponse));
+		final String clientName = httpServletRequest.getParameter("client_name");
+		final CommonProfile profile = retrieveProfile(new J2EContext(httpServletRequest, httpServletResponse), clientName);
 		return getAuthenticationManager().authenticate(new OAuthToken(null, profile, Collections.emptyList()));
 	}
 
-	private CommonProfile retrieveProfile(J2EContext context) throws AuthenticationServiceException {
+	private CommonProfile retrieveProfile(final J2EContext context, final String clientName)
+			throws AuthenticationServiceException {
 		/* Adapted from Pac4j: org.pac4j.core.engine.DefaultCallbackLogic.perform */
-		Clients clients = config.getClients();
+		final Clients clients = config.getClients();
 		CommonHelper.assertNotNull("clients", clients);
-		Client client = clients.findClient(context);
-		logger.debug("client: {}", client);
-		CommonHelper.assertNotNull("client", client);
-		CommonHelper.assertTrue(client instanceof IndirectClient,
+		final List<Client> foundClients = clientFinder.find(clients, context, clientName);
+		CommonHelper.assertTrue(foundClients != null && foundClients.size() == 1,
+				"unable to find one indirect client for the callback: check the callback URL for a client name parameter or suffix path"
+						+ " or ensure that your configuration defaults to one indirect client");
+		final Client foundClient = foundClients.get(0);
+		logger.debug("client: {}", foundClient);
+		CommonHelper.assertNotNull("client", foundClient);
+		CommonHelper.assertTrue(foundClient instanceof IndirectClient,
 				"only indirect clients are allowed on the callback url");
 
 		try {
-			Credentials credentials = client.getCredentials(context);
+			Credentials credentials = foundClient.getCredentials(context);
 			logger.debug("credentials: {}", credentials);
-			CommonProfile profile = client.getUserProfile(credentials, context);
+			CommonProfile profile = foundClient.getUserProfile(credentials, context);
 			logger.debug("profile: {}", profile);
 
 			return profile;