SAML Content Redirect in APM Policy to force two-factor Authentication

I have a use case to force any HTTP(s) traffic containing SAML assertion data to force a two-factor authentication in my APM policy. If no SAML data is present, full resource assign takes place.

 

Is this possible ? If so, what is a specific iRule Event that I can use ?