Use POSTed form data to identify logout action for login enforcement?
Hiya, I'm new to ASM and I've got it running on a shiny new 11.2.0 BigIP.
I'm setting up a policy and want to be able to correlate events with logged-on users and their sessions. I believe a good way to do that would be to leverage "login enforcement" using preconfigured login pages and logout pages. I believe those are the triggers for establishing and terminating sessions. Please correct me if I'm wrong.
So I've set up a login page with access validation criteria and it works great. I used the URL which is the POST target of a forms-based login page and I see in the logs that the username area is filled in when I log on. Cool!
Now I want to configure the logout URL so ASM can know when a session is terminated. All I see is the ability to enter an explicit logoff URL. In my case the application performs logoff via form submission with a logout parameter set. Is there a way to tell ASM to end a session when the logout action is POSTed to a specific URI?