Affects Version/s: 13.0.0
It seems that the LoginState catches AuthException when does some authentication work. This looks fine. However, there is some of these code
One example is when a custom SP adapter is configure with
postSingleSignOnFailure (http://download.forgerock.org/downloads/openam/javadocs/internal/index.html?com/sun/identity/saml2/plugins/SAML2ServiceProviderAdapter.html) that passes in a errcode and if the
account is locked out, instead of getting SAML2ServiceProviderAdapter.SSO_FAILED_AUTH_USER_INACTIVE or
one gets SSO_FAILED_SESSION_GENERATION.
Notice that the searchUserProfile exactly have this issue where
the original issue is lost when SPACSUtils later needs to call say the custom SP adapter postSingleSignOnFailure.
There may be other place where the AuthException should be rethrown
rather then wrapped and thrown again.