We have a Cisco ASA, and are using it for several WebVPN (a.k.a SSL VPN) connections.
Based on the URL, they are placed in various group profiles. For example https://asa.mydomain.com/test will put them in the Test connection profile, while https://asa.mydomain.com/prod will put them in the Prod connection profile.
This is working fine, however, we'd like to be able to log (in the ASA log) the exact URL a user used to begin their session. Is that possible?
This isn't possible. If I had to guess without seeing your config, you are only using Group URLs as opposed to aliases and the selection drop down. In a case like this, users accessing the FQDN such as http://vpn.yourcompany.com will default to the DefaultWebVPNGroup connection profile. If there are no session limits configured on this policy and the authentication is configured the same, then the user will be permitted access. You could use the DefaultWebVPNGroup as a catch all and set the simultaneous login to 0 in the policy to restrict access. A better approach would be to look into group locking.