Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ajoe
Staff
Staff

Created on ‎10-30-2020 06:14 AM Edited on ‎04-03-2025 12:29 AM By Community Manager

Article Id 191337

Technical Tip: Local user, username case sensitivity and accent sensitivity

Description


This article describes the option to disable username case sensitivity for all types of local users.

 

Scope

 

FortiGate.

Solution


By default, remote LDAP and RADIUS user names are case-sensitive.
When a remote user object is applied to SSL VPN authentication, the user has to type the exact case that is used in the user definition on the FortiGate.

The ' set username-case-sensitivity’ CLI command can disable case sensitivity, allowing the remote user object to match any case the end user types in while logging.


To disable case sensitivity for individual users use the following command.

 

config user local
    edit "<name>"
        set type <ldap|radius>
        set username-case-sensitivity disable/enable
end

  • disable: Ignore case and accents. The username at the prompt is not required to match the case or accents.
  • enable: Do not ignore cases and accents. The username at the prompt must be an exact match.

 

JeanPhilippe_P_0-1691139694435.png

 
Note that this option will be available only from the CLI and when the user is enabled with any two-factor authentication method.
 
From v5.6.14, v6.0.13, v6.2.10, v6.4.7, v7.0.1 and above versions:

To match accented characters (for example: 'ě' instead of 'e'  and other few characters ščřžýáíéúů), which are present in many non-English languages, the existing option 'username-case-sensitivity' has been changed to 'username-sensitivity'.

This new option includes both case sensitivity and accent sensitivity. When disabled, both case and accents are ignored when comparing names while matching the local user.

 

config user local

    edit "<name>"

        set username-sensitivity ? 

        enable <---- Do not ignore cases and accents. The username at the prompt must be an exact match.

        disable <---- Ignore case and accents. The username at the prompt is not required to match the case or accent.

end

 

Note:

  1. If the user's password is stored locally (set type password), the option to enable, or disable username-sensitivity will not be available.
  2. The user case sensitivity is only available per user setting, a global configuration for case sensitivity is not available.

 

Related articles:
Technical Tip: SSL VPN two factor authentication (2FA) is bypassed when user enters username that is... 

Technical Tip: Description of CVE-2020-12812 (bypassing two-factor authentication for LDAP users) an...

Technical Tip: A quick guide to FortiGate SSL VPN authentication and common issues and misunderstand...

Technical Tip: Configuring Remote LDAP users with Two-Factor Authentication

34692
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.