Divert first web request after policy allow to a URI
I have a garden-variety webtop with a handful of portals on it. But we have a requirement that the user that authenticated must have accepted our site's most recent terms and conditions before continuing. These are external business partners, and that is tracked in a separate database that the F5 can't read.
We want APM, upon successful authentication, to redirect the user to a webserver that checks, prompts the user to accept the terms if they haven't already, and then redirect back when done - then the user gets to see the webtop, select a portal, and carry on with their session. If they don't accept, the session is to be dropped.
That server is not exposed outside, so we want this redirect to occur through the portal, meaning that the client browser needs to see a URI that is the encoded & rewritten address for the Ts&Cs server that will be resolved inside.
I tried ending the policy with a redirect and keep session open after the resource assign, but that isn't allowed with portals. Modification of the session.server.landinguri doesn't seem to have any effect.
Is there a way to approach this like 2FA? Or something completely different?
Thanks,