Authentication fails with Java 11 but is successful with Java 8
gmextec opened this issue · 0 comments
Hello
I was able to connect and interact with the HSM server using PKCS11 from Java 8 - just like in the sample code using the method PKCS11#C_Login(sessionHandle, CKU_USER, pin).
But I have problems connecting to the same server using Java 11 (OpenJDK 11.0.2).
I'm getting a KeyStore instance, but when I try to load it I am getting sun.security.pkcs11.wrapper.PKCS11Exception: CKR_PIN_INVALID at PKCS11.C_Login:
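```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
// Configure the SunPKCS11 provider from the config file (Java 9+ API)
Provider p = Security.getProvider("SunPKCS11");
p = p.configure(pkcs11ConfigPath);
Security.addProvider(p);
KeyStore ks = KeyStore.getInstance("PKCS11", p); // use the configured provider instance
ks.load(null, pin.toCharArray()); // fails here with CKR_PIN_INVALID
```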
Looking at the sun.security.pkcs11.SunPKCS11#login method, it seems the C_Login method is called with pin=NULL if using CKF_PROTECTED_AUTHENTICATION_PATH. And indeed I see the token I'm connecting to has this flag:
```
Slot info for slot 0:
slotDescription: NAE Device
manufacturerID: Thales, Inc.
flags: CKF_TOKEN_PRESENT
hardwareVersion: 1.00
firmwareVersion: 1.00
Token info for token in slot 0:
label: PKCS #11 Provider
manufacturerID: Thales, Inc.
model: CAP
serialNumber: 1
flags: CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_PROTECTED_AUTHENTICATION_PATH | CKF_DUAL_CRYPTO_OPERATIONS | CKF_TOKEN_INITIALIZED | CKF_SECONDARY_AUTHENTICATION
```
I'm using Client_Compatibility_Mode=CipherTrust and CAPD for C version 8.16.0.030
Please advise how to connect to the CipherTrust server with Java 11. I would contribute a PR with my sample code for Java 11.
Thanks
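
A diagnostic sketch of the behaviour described in the issue, added here as an example (it is not code from the issue author or from the project): it decodes a token-info `flags:` line into the PKCS #11 bit mask and reports which login path applies, assuming the provider behaves as the post describes. The class `TokenFlagCheck` and its method names are hypothetical; the flag values are a subset taken from the PKCS #11 specification.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class TokenFlagCheck {
    // CK_TOKEN_INFO flag bits from the PKCS #11 specification (subset).
    static final Map<String, Long> FLAGS = new LinkedHashMap<>();
    static {
        FLAGS.put("CKF_RNG", 0x001L);
        FLAGS.put("CKF_WRITE_PROTECTED", 0x002L);
        FLAGS.put("CKF_LOGIN_REQUIRED", 0x004L);
        FLAGS.put("CKF_USER_PIN_INITIALIZED", 0x008L);
        FLAGS.put("CKF_PROTECTED_AUTHENTICATION_PATH", 0x100L);
        FLAGS.put("CKF_DUAL_CRYPTO_OPERATIONS", 0x200L);
        FLAGS.put("CKF_TOKEN_INITIALIZED", 0x400L);
        FLAGS.put("CKF_SECONDARY_AUTHENTICATION", 0x800L);
    }

    // Turn a "flags: A | B | C" line into the numeric mask; unknown names are rejected.
    static long parseMask(String line) {
        String list = line.substring(line.indexOf(':') + 1);
        long mask = 0;
        for (String name : list.split("\\|")) {
            Long bit = FLAGS.get(name.trim());
            if (bit == null) throw new IllegalArgumentException("unknown flag: " + name.trim());
            mask |= bit;
        }
        return mask;
    }

    // Assumption: models the login decision as the issue describes it. With the
    // protected-path bit set, the PIN given to KeyStore.load is not what reaches C_Login.
    static String loginPath(long mask) {
        if ((mask & FLAGS.get("CKF_LOGIN_REQUIRED")) == 0) return "no login needed";
        if ((mask & FLAGS.get("CKF_PROTECTED_AUTHENTICATION_PATH")) != 0)
            return "C_Login with NULL pin (protected authentication path)";
        return "C_Login with the supplied pin";
    }

    public static void main(String[] args) {
        // Token flags line copied from the issue text above.
        String line = "flags: CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | "
                + "CKF_PROTECTED_AUTHENTICATION_PATH | CKF_DUAL_CRYPTO_OPERATIONS | "
                + "CKF_TOKEN_INITIALIZED | CKF_SECONDARY_AUTHENTICATION";
        long mask = parseMask(line);
        System.out.printf("mask=0x%X -> %s%n", mask, loginPath(mask));
    }
}
```

Running the same check on token info from another slot or client mode shows whether the protected-path bit is what separates a working login from a failing one.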