Forum Discussion
JustJozef
Cirrus
CirrusCase (in)sensitivity for JSON schema in ASM policy
Hi all,
I would like to know if follow behaviour is correct or it's bug.
I have ASM policy where JSON profiles are created from swagger file with JSON Schema Files. Global policy setting "Policy is Case Sensitive" is defined to "No".
However payload in requests is strictly checked and if in schema file is defined parameter "username" then request with parameter "Username" is not valid and is against security policy. It mean that Json Schema has higher priority than global settings of policy?
Part of the JSON schema:
"required":["password","username"]Valid request with payload
{"username":"myuser","password":"mypass"}Request what report violation "JSON data does not comply with JSON schema"
{"Username":"myuser","Password":"mypass"}In details it reports that parameter username is missing and Illegal additional property Username is defined.
- Nikoolayy1
MVP
You can see https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-asm-implementations/adding-json-support-to-an-existing-security-policy.html as if you dissabled "Parse Parameters" then the JSON schema will be used and it is seperate from the Global policy settings and I think there is no option under the content profile to make it case not sensative.
JustJozefThanks for response Nikoolayy1 .
I think that you point to the follow section:
After a JSON schema is uploaded and selected, the Parse Parameters setting is disabled because the policy stops using any configured policy parameters and begins using the custom JSON parameters from the JSON schema file(s).
I understood what you mean but JSON schema is still under policy which is case-insensitive. It's correct that parameters are taken from schema instead policy configuration but should global parameters (like case- (in)sensitive) be excluded as well?
