DelegatingNegotiateSecurityFilter is not using the customAuthentication returned from the delegated authentication manager for the call to the success handler.
protected boolean setAuthentication(final HttpServletRequest request, final HttpServletResponse response,
final Authentication authentication) {
try {
if (this.authenticationManager != null) {
DelegatingNegotiateSecurityFilter.LOGGER.debug("Delegating to custom authenticationmanager");
final Authentication customAuthentication = this.authenticationManager.authenticate(authentication);
SecurityContextHolder.getContext().setAuthentication(customAuthentication);
}
if (this.authenticationSuccessHandler != null) {
try {
this.authenticationSuccessHandler.onAuthenticationSuccess(request, response, authentication);
} catch (final IOException | ServletException e) {
DelegatingNegotiateSecurityFilter.LOGGER.warn("Error calling authenticationSuccessHandler: {}",
e.getMessage());
DelegatingNegotiateSecurityFilter.LOGGER.trace("", e);
return false;
}
}`