Can you post more code? The full code for authenticator and applicationUser would be good. Also more details about where in the lifecycle this exception occurs, is it straight after the login button is pressed or is it subsequent pages.
I think the problem you are probably having is that it looks like you have not specified the scope of the authenticator (and possibly applicationUser), which means that they will be bound to EVENT scope (which is probbly fine for the authenticator, but you would want applicationUser to be bound to SESSION scope).
ty, it was the SCOPE indeed.