You should include the white-list check inside the authentication handler throwing an exception if the user is not whitelisted...
... then catch the exception inside an authentication failure handler and perform the redirect in there.
See this answer for more information on how to configure the failure_handler
service and implement the onAuthenticationFailure()
method in there.