iRule needed for setting variables using/checking client certificates

Update: i went into the access policy and added a client cert check and set the virtual server to request a client cert and check for trusted CA. So when it passes it goes to just an active directory login and when it fails it does the whole 2 factor mechanisim. but the feed back i got was that the client cert pop-up my confuse the users. Is there a way to have another webpage that they can go to get clien t checked first for example: user goes to www.page.company.com -> gets client cert prompt -> if passes, gets redirected to normal page with a variable set, or it fails and gets passed with no varriable set. The second page would be SSL as well and would be able to sort the access policy based on that variable?