Log invalid SOAP message and return 400 (#28340)

For #28240 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. - [x] Manual QA for all new/changed functionality
2026-05-23 08:58:41 +00:00 · 2025-04-18 11:13:30 -05:00 · 2025-04-18 11:13:30 -05:00 · 162f974a67
commit 162f974a67
parent 261b2446d6
2 changed files with 14 additions and 1 deletions
--- a/changes/28240-log-invalid-soap-msg
+++ b/changes/28240-log-invalid-soap-msg
@ -0,0 +1 @@
+Log invalid Windows MDM SOAP message and return 400 instead of 5XX. This change helps debug Windows MDM issues.
--- a/server/service/microsoft_mdm.go
+++ b/server/service/microsoft_mdm.go
@ -36,6 +36,8 @@ import (
 	"github.com/google/uuid"
 )

+const maxRequestLogSize = 10240
+
 type SoapRequestContainer struct {
 	Data   *fleet.SoapRequest
 	Params url.Values
@ -60,7 +62,9 @@ func (req *SoapRequestContainer) DecodeBody(ctx context.Context, r io.Reader, u
 		// Unmarshal the XML data from the request into the SoapRequest struct
 		err = xml.Unmarshal(reqBytes, &req.Data)
 		if err != nil {
-			return ctxerr.Wrap(ctx, err, "unmarshalling soap mdm request")
+			// We log the request body for debug by using an error implementing ErrWithInternal interface.
+			return ctxerr.Wrap(ctx, &fleet.BadRequestError{Message: "unmarshalling soap mdm request: " + err.Error(),
+				InternalErr: fmt.Errorf("request: %s", truncateString(string(reqBytes), maxRequestLogSize))})
 		}
 	}

@ -2348,3 +2352,11 @@ func buildCommandFromProfileBytes(profileBytes []byte, commandUUID string) (*fle

 	return command, nil
 }
+
+// truncateString truncates a string to maxLen characters, adding "..." if truncated
+func truncateString(s string, maxLen int) string {
+	if len(s) <= maxLen {
+		return s
+	}
+	return s[:maxLen] + "..."
+}
				`@ -0,0 +1 @@`
				`Log invalid Windows MDM SOAP message and return 400 instead of 5XX. This change helps debug Windows MDM issues.`