For me it looks like LoginListener.observePreLoginEvent() takes the original URL (which is /wal/interactive/1 in your case) and then appends all query parameters to this base URL (see if (requestParameterMap != null) block).
So for me it looks like Seam Security is messing things up here. There are some options for you in this case:
1. Manually overwrite the URL in the session map with the correct one.
2. Create your own LoginListener by extending the existing one and annotating it with @Spezializes. Then overwrite observePreLoginEvent and fix the code.
3. Do the redirect yourself
Do you play Magic?
Get TopDecked MTG, the #1 Magic App, built by players, for players. Free to use, forever.