this is my goal:
after the authentication on SSLVPN, user can access to some resources if his pc is on the right domain or can access to other resources if his pc is not on the right domain.
I can check the domain on the pc using host checker, but this is not what I really need because if the check fails (right domain or not) the user must enter in every case.
You can apply the host checker for the windows domain to the resource level instead of the role or realm. Then the failure will only affect access to that resource for the role.