diff --git a/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java b/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java
index 6d0e6963e9a..455cf28a4d4 100644
--- a/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java
+++ b/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java
@@ -89,10 +89,6 @@ public class JaspiAuthenticator implements Authenticator
 JaspiMessageInfo info = new JaspiMessageInfo(request, response, mandatory);
 request.setAttribute("org.eclipse.jetty.security.jaspi.info", info);
-
- //TODO janb - removed deferred authentication temporarily
- /* if (_allowLazyAuthentication && !mandatory)
- return _deferred;*/
 Authentication a = validateRequest(info);
diff --git a/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/modules/FormAuthModule.java b/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/modules/FormAuthModule.java
index 52018e87c09..3bb748a8614 100644
--- a/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/modules/FormAuthModule.java
+++ b/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/modules/FormAuthModule.java
@@ -213,6 +213,9 @@ public class FormAuthModule extends BaseAuthModule
 if (form_cred != null)
 {
 System.err.println("Form cred: form.username="+form_cred._jUserName+" form.pwd="+new String(form_cred._jPassword));
+
+ //TODO: we would like the form auth module to be able to invoke the loginservice.validate() method to check the previously authed user
+
 boolean success = tryLogin(messageInfo, clientSubject, response, session, form_cred._jUserName, new Password(new String(form_cred._jPassword)));
 if (success) { return AuthStatus.SUCCESS; }
 }
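Review bot: The `System.err.println` kept as context in the `form_cred != null` branch of the FormAuthModule hunk writes the username and the cleartext password held in the `FormCredential` to stderr each time that branch runs, and this change leaves it in place next to the new TODO. It should be removed before this lands; if a trace is still wanted, log the username only, for example `LOG.debug("Reusing form credential for {}", form_cred._jUserName);`, assuming the class has a logger (none is visible in the hunk). The TODO would also be clearer if it stated that the stored password is replayed through `tryLogin` only because `loginservice.validate()` is not reachable from here. The enclosing method starts and ends outside the hunk.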
@@ -279,7 +282,7 @@ public class FormAuthModule extends BaseAuthModule
 if (!loginCallbacks.isEmpty())
 {
 LoginCallbackImpl loginCallback = loginCallbacks.iterator().next();
- FormCredential form_cred = new FormCredential(username, pwdChars, loginCallback.getUserPrincipal());
+ FormCredential form_cred = new FormCredential(username, pwdChars, loginCallback.getUserPrincipal(), loginCallback.getSubject());
 session.setAttribute(__J_AUTHENTICATED, form_cred);
 }
@@ -312,12 +315,15 @@ public class FormAuthModule extends BaseAuthModule
 char[] _jPassword;
 transient Principal _userPrincipal;
+
+ transient Subject _subject;
- private FormCredential(String _jUserName, char[] _jPassword, Principal _userPrincipal)
+ private FormCredential(String _jUserName, char[] _jPassword, Principal _userPrincipal, Subject subject)
 {
 this._jUserName = _jUserName;
 this._jPassword = _jPassword;
 this._userPrincipal = _userPrincipal;
+ this._subject = subject;
 }
 public void valueBound(HttpSessionBindingEvent event)
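Review bot: `_subject` is added as a `transient` field of a `FormCredential` that the -279 hunk stores in the session under `__J_AUTHENTICATED`, so if the session is ever serialized and restored the field comes back null while `_jUserName` and `_jPassword` survive. No reader of `_subject` appears in this diff; whichever code later consumes it needs a null check that falls back to re-authentication rather than treating the session as authenticated, and a null from `loginCallback.getSubject()` (its contract is not shown here) should be handled the same way. I would document that on the field, e.g. `// not serialized: null after session restore, re-authenticate when absent`. `char[] _jPassword` also stays non-transient beside it, so the cleartext password travels with the session wherever it is persisted; once the cached `Subject` replaces the replay through `tryLogin`, the password no longer needs to be kept. The class body starts and ends outside the hunk.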