You can adapt java loginHelper.createSession and configure multiple redirects. I did this to pass extra parameters to a deeplink.
if (indexconfig != null && !indexconfig.toString().trim().isEmpty())
indexpage = "../" + indexconfig.toString().trim();
if (parameter!= null && !parameter.isEmpty()){
indexpage = "../link/mydeeplink/" + parameter;
}
SSOConfiguration.log.trace("redirect to " + indexpage);
SSOConfiguration.redirect(response, indexpage);
adapt the doGet from kerberosAuthenticator
protected void doGet(IMxRuntimeRequest request, IMxRuntimeResponse response, boolean retry) throws IOException, ServletException
{
String auth = request.getHeader("Authorization");
String parameter = request.getParameter("parameter");
SSOConfiguration.log.trace("parameter" + parameter);
pass the parameter to the createSession