Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

Case (in)sensitivity for JSON schema in ASM policy


Hi all,

I would like to know if follow behaviour is correct or it's bug.

I have ASM policy where JSON profiles are created from swagger file with JSON Schema Files. Global policy setting "Policy is Case Sensitive" is defined to "No".

However payload in requests is strictly checked and if in schema file is defined parameter "username" then request with parameter "Username" is not valid and is against security policy. It mean that Json Schema has higher priority than global settings of policy?

Part of the JSON schema:


Valid request with payload


Request what report violation "JSON data does not comply with JSON schema"


 In details it reports that parameter username is missing and Illegal additional property Username is defined.


Community Manager
Community Manager

Hi @JustJozef  - @JRahm is on PTO this week, but may be able to step in to help if there's still no reply from the community next week. 

You can see as if you dissabled "Parse Parameters" then the JSON schema will be used and it is seperate from the Global policy settings and I think there is no option under the content profile to make it case not sensative.

Thanks for response @Nikoolayy1 .

I think that you point to the follow section:

After a JSON schema is uploaded and selected, the Parse Parameters setting is disabled because the policy stops using any configured policy parameters and begins using the custom JSON parameters from the JSON schema file(s).

I understood what you mean but JSON schema is still under policy which is case-insensitive. It's correct that parameters are taken from schema instead policy configuration but should global parameters (like case- (in)sensitive) be excluded as well?