From 1bd9b1880382e27991da148d591bbdf52d9fc1b7 Mon Sep 17 00:00:00 2001
From: Markus Backes <markus.backes@gmail.com>
Date: Tue, 17 Nov 2015 09:32:14 +0100
Subject: [PATCH] treat principal name case insensitive

 * Kerberos login with active directory failed with invalid username or password because AD treats principal names in a case insensitive way (https://ssimo.org/blog/id_016.html)
---
 .../federation/kerberos/KerberosFederationProvider.java         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
index 09a4da75b6..65831f250c 100755
--- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
+++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
@@ -116,7 +116,7 @@ public class KerberosFederationProvider implements UserFederationProvider {
         // KerberosUsernamePasswordAuthenticator.isUserAvailable is an overhead, so avoid it for now
 
         String kerberosPrincipal = local.getUsername() + "@" + kerberosConfig.getKerberosRealm();
-        return kerberosPrincipal.equals(local.getFirstAttribute(KERBEROS_PRINCIPAL));
+        return kerberosPrincipal.equalsIgnoreCase(local.getFirstAttribute(KERBEROS_PRINCIPAL));
     }
 
     @Override