Issue with JSON input when it passes through Azure Gateway - Need help

jansi rani krishnan 601 Reputation points
2021-09-14T18:45:15.363+00:00

I have a Microsoft Orchestrator Runbook web service which consumed by a third party application (Service Now). The Orchestrator Runbook accepts the input request as XML format as shown below. 

<?xml version="1.0" encoding="utf-8" standalone="yes"?>  
<entry xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns="http://www.w3.org/2005/Atom">  
<content type="application/xml">  
<m:properties>  
<d:RunbookId type="Edm.Guid">{$($RunbookID)}</d:RunbookId>  
<d:Parameters>&lt;Data&gt;&lt;Parameter&gt;&lt;ID&gt;{226acf75-e61d-49c8-ae5e-e1439613091c}&lt;/ID&gt;&lt;Value&gt;Medium&lt;/Value&gt;&lt;/Parameter&gt;&lt;/Data&gt;</d:Parameters>  
</m:properties>  
</content>  
</entry>

Since ServiceNow requested the input format in JSON, I converted the above XML based input to JSON format as below. 

{  
"RunbookId": "73aff8c3-1309-418a-bc8c-7eb22a6e41e7",   
"Parameters": "<Data>  
<Parameter><Name>Title</Name><ID>{a5017317-e6a6-4854-b106-bc12a30fa71b}</ID><Value>Test Incident</Value></Parameter>  
<Parameter><Name>Description</Name><ID>{4ffddad2-c2b2-44fa-b170-2a11ef7028c0}</ID><Value>This is created for testing purpose</Value></Parameter>  
<Parameter><Name>Urgency</Name><ID>{c272db8a-638b-4b24-b834-8a5d4016a721}</ID><Value>High</Value></Parameter>  
<Parameter><Name>Impact</Name><ID>{d54163d7-ba19-4e12-8706-9d15827c7df2}</ID><Value>Medium</Value></Parameter>  
<Parameter><Name>Source</Name><ID>{f650f405-8677-48c9-88b1-e0a5e2892b20}</ID><Value>Email</Value></Parameter>  
<Parameter><Name>TierQueue</Name><ID>{aad4eefa-b0e5-4189-8791-48ead24c6098}</ID><Value>Support Infrastructure</Value></Parameter>  
<Parameter><Name>Status</Name><ID>{9246c7ee-f52a-43e4-a339-cf2ff28c84d1}</ID><Value>Active</Value></Parameter>  
<Parameter><Name>Classification</Name><ID>{9f5486b5-f54e-4bb0-b5b6-214352846d43}</ID><Value>Infrastructure</Value></Parameter>  
<Parameter><Name>AffectedUser</Name><ID>{aa37e610-9155-4aff-a019-17b2f7ea6782}</ID><Value>exjakri1_adm</Value></Parameter>  
</Data>"   
}

We have the Azure Gateway in between ServiceNow and Orchestrator. When JSON request sent through Azure Gateway, it throws below error. Looks like JSON request is not in the required format when the Azure Gateway tries to parses the JSON input. 

JSON parsing error: lexical error: invalid character inside string.  
Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required.

I need some input on how to make the JSON request a valid one, so that it can be parsed by Azure Gateway.
Your help is highly appreciated.

Regards,
Jansi

System Center Orchestrator
System Center Orchestrator
A family of System Center products that provide an automation platform for orchestrating and integrating both Microsoft and non-Microsoft IT tools.
214 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SaiKishor-MSFT 17,181 Reputation points
    2021-09-16T09:48:37.713+00:00

    @jansi rani krishnan Thank you for reaching out to Microsoft Q&A. I understand that you are having issues with Azure App GW throwing the above error when making the JSON request as explained above.

    In order to work around this, you either have to fix the validation error in your application or disable body inspection in App GW. Here is how to disable body inspection:

    To disable request body check via AZ PS:

    New-AzApplicationGatewayFirewallPolicySetting (Az.Network)

    New-AzApplicationGatewayFirewallPolicySetting

    [-Mode <String>]
    [-State <String>]
    [-DisableRequestBodyCheck]
    [-MaxRequestBodySizeInKb <Int32>]
    [-MaxFileUploadInMb <Int32>]
    [-DefaultProfile <IAzureContextContainer>]
    [<CommonParameters>]

    Example:
    $condition = New-AzApplicationGatewayFirewallPolicySetting -State $enabledState -Mode $enabledMode -DisableRequestBodyCheck -MaxFileUploadInMb $fileUploadLimitInMb -MaxRequestBodySizeInKb $maxRequestBodySizeInKb

    The new policySettings is stored to $condition.

    Then you set the FW WAF policy to use the policy setting above; reference: Set-AzApplicationGatewayFirewallPolicy (Az.Network)

    IN other words; in your script, you set the below:

    $policySetting = New-AzApplicationGatewayFirewallPolicySetting -Mode Prevention -State Enabled

    You need to add new switch: -DisableRequestBodyCheck with no value:

    $policySetting = New-AzApplicationGatewayFirewallPolicySetting -Mode Prevention -State Enabled -DisableRequestBodyCheck

    Reference: New-AzApplicationGatewayFirewallPolicySetting (Az.Network)

    If using AZ CLI, you can use the following command:

    az network application-gateway waf-config

    az network application-gateway waf-config set --enabled {false, true}
    [--disabled-rule-groups]
    [--disabled-rules]
    [--exclusion]
    [--file-upload-limit]
    [--firewall-mode {Detection, Prevention}]
    [--gateway-name]
    [--ids]
    [--max-request-body-size]
    [--no-wait]
    [--request-body-check {false, true}]
    [--resource-group]
    [--rule-set-type]
    [--rule-set-version]
    [--subscription]

    Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

    Remember:

    Hope this helps. Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

    Want a reminder to come back and check responses? Here is how to subscribe to a notification.

    0 comments