but the authentication fails
How is authentication handled - does it take URL parameters into account? If you're using container-managed security (which is based on the
login-config and
auth-constraint elements, by the way, not
user-data-constraint) you won't be able to log in automatically in this way.
I think, you can't pass parameters while redirecting.
Yes, you can.