
JoeTheFifth
Jul 06, 2018

APM LoginAsAnotherUser SharePoint KCD issue

I'm having a peculiar issue here. I have APM in front of a SharePoint farm. Users in non-trusted domains are redirected to a forms page. Trusted-domain users bypass APM and go to the SharePoint site (ACCESS::disable). I added the loginasanotheruser option and now this happens:

 

On a non-trusted domain computer:

  • Loginasanotheruser request
  • User is redirected to the APM login page
  • User is presented with an AD or Forms login (decision step)
  • User chooses AD, enters a different user name and chooses a domain.
  • APM authenticates the user and does constrained delegation
  • User is logged in to SharePoint with the correct username (the one entered in the logon page).

Now on a trusted domain computer:

  • Loginasanotheruser request
  • User is redirected to the APM login page
  • User is presented with an AD or Forms login (decision step)
  • User chooses AD, enters a different user name and chooses a domain.
  • APM authenticates the user (APM logs) but the connection to SharePoint uses the Windows session user name, meaning the username of the guy logged on to the computer.

I just started trying to figure out what's happening and why APM does not trigger the KCD step in this case and I wanted to just post this here quickly before burning too much fuel on it :-)

 

2 Replies

  • OK, found it. I was using an ACCESS::disable in a condition which disables the APM in the middle of the policy evaluation.