Custom user attribute validator - how to invoke failure

I just wrote a custom Authenticator SPI that’s supposed to check some of the user’s custom attributes and, depending on that, either let the user log in or fail with an error message displayed in the browser.

I’ve added this SPI to my Browser bound login Flow, but now I can’t simply invoke a failure with context.failure().

Whatever I do, the user’s login attempt will be failed, but is there any chance the user ends up back on the login username and password form, instead of displaying this error without the form?

The only way I managed to do something remotely close is with e.g.

          context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS,
              context.form().setError("somerror").createForm("login.ftl"));

but then I have multiple issues with all the Freemarker beans not being set in login.ftl.

Would greatly appreciate any help.