OK, well in order for Authorization to work, you have to be authenticated first. So Spring needs the Authentication loaded into the SecurityContext. If you can find a way to load the authentication for that third party app, then you are good to go.
You can always implement the UserDetails Service to use that third party as its mechanism. UserDetailsService is fully extensible.