FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ajoe
Staff
Staff
Article Id 191337

Description


This article describes the option to disable username case sensitivity for all type of local users.

Solution


By default, remote LDAP and RADIUS user names are case sensitive.
When a remote user object is applied to SSL VPN authentication, the user has to type the exact case that is used in the user definition on the FortiGate.

Case sensitivity can be disabled by the ‘set username-case-sensitivity’ CLI command, allowing the remote user object to match any case that the end user types in while login.


To disable case sensitivity for individual users use the following command.

 

config user local
    edit "<name>"
        set type password
        set username-case-sensitivity disable/enable
end

JeanPhilippe_P_0-1691139694435.png

 
Note that this option will be available only from CLI and when the user is enabled with any two-factor authentication method.
 
From v5.6.14, v6.0.13, v6.2.10, v6.4.7, v7.0.1:
 

In order to match accented characters (e.g. 'ě' instead of 'e'  and other few characters ščřžýáíéúů), which are present in many non-English languages, the existing option 'username-case-sensitivity' has been changed to 'username-sensitivity'. This new option includes both case sensitivity and accent sensitivity. When disabled, both case and accents are ignored when comparing names during matching the local user.

 

config user local

    edit example

        set username-sensitivity ?  <-

                enable   : Do not ignore cases and accents. The username at the prompt must be an exact match.

                     disable  : Ignore case and accents. Username at prompt is not required to match case or accents.

         next

end

Contributors