Thanks Aaron for your input.
After navigating to one of the link, found the following but it is checking only for domain name, how do I get the username from it:
when HTTP_REQUEST {
Check for Authorization header value starting with NTLM before trying to parse the request.
if {[string tolower [HTTP::header Authorization]] starts_with "ntlm"}{
if { [b64decode [getfield [HTTP::header Authorization] " " 2]] matches_regex {([Tt].[Ee].[Ss].[Tt].[Dd].[Oo].[Mm].[Aa].[Ii].[Nn])} } {
HTTP::respond 200 content {
Apology Page
You are not allowed to authenticate as your user belongs to testdomain ...
}
}
}}