I want to achieve the following:
When a user is in a specific LDAP group there should be an additional authentication (google authenticator).
After that additional authentication there should be a redirect to another path on the same site. This redirect should happen for all users (so for users who are in that specific ldap group and how are not).

I created a role for reading the ldap group, made an authorization policy which is evaluating this role and do an action on that condition with Re-authenticate with Contract to the another contract.
But how can I do a redirect after that authentication. I created a URL path condition with a lower priority in the same authorization policy but the redirection won't happen.
It looks like that when a re-authenticate is done, the next rule is not evaluated anymore.

When I do not use the re-authenticate rule the redirection is working fine