with sessiondump I can see, that session.ad.last.attr.memberOf isn't truncated ...
I now got the result with an irule, datagroup and an irule event in VPE (with branch rule matching session.custom.allowed).
when ACCESS_POLICY_AGENT_EVENT {
if {[ACCESS::policy agent_id] eq "member"} {
set user [ACCESS::session data get session.logon.last.username]
set memberOfList [split [ACCESS::session data get session.ad.last.attr.memberOf] "|"]
ACCESS::session data set session.custom.allowed "0"
foreach x $memberOfList {
if { [class match -value -- $x contains datagroup_membersOf] equals "1" } {
ACCESS::session data set session.custom.allowed "1"
log local5. "Allowed User $user - Group:$x"
}
}
}
}