FYI I have just submitted the pull request for AS7-3525, I have been testing various sceneraios from web apps accessing EJBs to remote EJB clients both making multiple calls over a connection and running the client multiple times to get multiple connections and there is now only a single authentication in the JAAS domain for an individual user.