DATAGROUP :- Allow URI based on group

I am trying to setup an irule or VPM policy that will match with DATAGROUP and allow URI based on group. For Example, URI /test1 will allow for finance and /test2 will allow only for HR.

 

The Group will be return by saml assersition. can someone help for this??

 

DataGRoup {

 

xyz.com/test1: finance xyz.com/test2: HR }

 

when ACCESS_SESSION_STARTED { set allowed [ACCESS::session data get session.saml.last.attr.name.Group]

 

if { [class match [string tolower [HTTP::uri]] eq "allowed-group" ] }{ if { [class match -value $allowed eq "allowed-group" ] }{ Do not interfere (Allowed) return } else { Not allowed HTTP::redirect "http:yahoo.com" } } else { HTTP::redirect "http:google.com" } }