09-Aug-2023 11:39
Hi all,
I would like to know if the following behaviour is correct or if it's a bug.
I have an ASM policy where JSON profiles are created from a Swagger file with JSON schema files. The global policy setting "Policy is Case Sensitive" is set to "No".
However, the payload in requests is strictly checked, and if the parameter "username" is defined in the schema file, then a request with the parameter "Username" is not valid and is against the security policy. Does it mean that the JSON schema has higher priority than the global settings of the policy?
Part of the JSON schema:
"required":["password","username"]
Valid request with payload:
{"username":"myuser","password":"mypass"}
Request that reports the violation "JSON data does not comply with JSON schema":
{"Username":"myuser","Password":"mypass"}
In the details it reports that the parameter username is missing and that an illegal additional property Username is defined.
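The two violation details described in the post above, reproduced as an added example (not part of the original thread and not F5 code): a minimal check of the "required" and "additionalProperties" keywords, which JSON Schema matches by exact, case-sensitive property name. The "properties" and "additionalProperties": false entries, the Pairs helper and the fold_case mode are assumptions made for illustration; fold_case also shows the ambiguity a case-insensitive match has to handle.

```python
import json

# Constructed schema: "required" is quoted from the post; "properties" and
# "additionalProperties": false are assumptions inferred from the reported
# "Illegal additional property" detail.
SCHEMA = {
    "type": "object",
    "properties": {"username": {"type": "string"}, "password": {"type": "string"}},
    "required": ["password", "username"],
    "additionalProperties": False,
}

class Pairs(list):
    """Marks a decoded JSON object while keeping every (name, value) pair."""

def check_object(payload, schema, fold_case=False):
    """Return violations for the required/additionalProperties keywords only.

    fold_case=False is standard JSON Schema behaviour (exact name match).
    fold_case=True is a hypothetical case-insensitive mode, for contrast.
    """
    norm = str.casefold if fold_case else (lambda s: s)
    # object_pairs_hook keeps duplicate names instead of silently merging them
    pairs = json.loads(payload, object_pairs_hook=Pairs)
    if not isinstance(pairs, Pairs):
        return ["payload is not a JSON object"]
    violations, seen = [], {}
    for name, _value in pairs:
        key = norm(name)
        if key in seen:
            # Two names that collapse to one key: which value would the backend use?
            violations.append(f"ambiguous duplicate property: {seen[key]} / {name}")
        seen.setdefault(key, name)
    declared = {norm(p) for p in schema.get("properties", {})}
    for req in schema.get("required", []):
        if norm(req) not in seen:
            violations.append(f"missing required property: {req}")
    if schema.get("additionalProperties") is False:
        for key, name in seen.items():
            if key not in declared:
                violations.append(f"illegal additional property: {name}")
    return violations

if __name__ == "__main__":
    for body in ('{"username":"myuser","password":"mypass"}',
                 '{"Username":"myuser","Password":"mypass"}'):
        print(body, "->", check_object(body, SCHEMA) or "valid")
```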
11-Aug-2023 11:36
Hi @JustJozef - @JRahm is on PTO this week, but may be able to step in to help if there's still no reply from the community next week.
13-Aug-2023 23:13
You can see https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-asm-implementations/adding-json-support-to-an-exis... as if you disabled "Parse Parameters" then the JSON schema will be used, and it is separate from the global policy settings. I think there is no option under the content profile to make it not case sensitive.
22-Aug-2023 07:43
Thanks for the response, @Nikoolayy1.
I think that you are pointing to the following section:
After a JSON schema is uploaded and selected, the Parse Parameters setting is disabled because the policy stops using any configured policy parameters and begins using the custom JSON parameters from the JSON schema file(s).
I understood what you mean, but the JSON schema is still under a policy which is case-insensitive. It's correct that parameters are taken from the schema instead of the policy configuration, but should global parameters (like case (in)sensitivity) be excluded as well?