How to switch AAA server based on user input?
I'm trying to move an internal client from Microsoft ISA Server to our F5 APM (running 11.4). The client isn't doing anything too fancy -- they're using ISA's SSO listener to present a form, and translating it to NTLM credentials on the back-end.
I've done this before, but only with users authenticating to a single AD domain. This client's logon form includes a radio button, where the user can select one of several domains to authenticate against.
Conceptually, it's easy enough. I need to see what a certain HTML form variable is set to, and based on that value, select which AAA server to use. I just don't know the F5-ish way to do this.
In the Visual Policy Editor, for a single domain, it's just "Logon Page --> AD Auth". I assume that, between those two, I need to put in some sort of decision node, switching based on form input (if session.logon.last.domain == 'DOM1', follow this branch, and so on, and if none of the above, go straight to a deny). But I can't quite suss out the F5 way to do this. Nothing in Branch Rules looks like it can act on a form input. What am I overlooking?