Finally, I got it working.
I just needed to set the password reset of the Liferay user to true whenever I found out that the user's password modified date as null in the auto login implementation. Liferay's PortalRequestProcessor has an internal logic to return to update password page if it sees the user's passwordReset flag as true.
public class MyAutoLogin implements AutoLogin
{
@Override
public String[] login(HttpServletRequest request, HttpServletResponse response) throws AutoLoginException
{
//Get user details from auto Login request params
if (null == user.getPasswordModifiedDate())
{
user.setPasswordReset(true);
return credentials;
}
return null;
}
}
By returning credentials inside the if condition I ensured that Auto Login is enabled only for those users who have not changed their password even once post their account creation on Liferay.