--- /usr/share/simplesamlphp/modules/authorize/lib/Auth/Process/Authorize.php	2021-08-30 12:49:29.005234654 +0200
+++ /usr/share/simplesamlphp/modules/authorize/lib/Auth/Process/Authorize.php	2021-08-30 13:03:43.570699485 +0200
@@ -30,6 +30,11 @@
 	 */
 	protected $valid_attribute_values = array();
 
+	/**
+	 * Array of case insensitive LDAP attribute names
+	 */
+	protected $case_insensitive_attributes = array();
+
 
 	/**
 	 * Initialize this filter.
@@ -57,6 +62,12 @@
 			unset($config['regex']);
 		}
 
+		if (isset($config['case_insensitive_attributes'])) {
+			assert(is_array($config['case_insensitive_attributes']));
+			$this->case_insensitive_attributes = array_map('strtolower', $config['case_insensitive_attributes']));
+			unset($config['case_insensitive_attributes']);
+		}
+
 		foreach ($config as $attribute => $values) {
 			if (is_string($values))
 				$values = array($values);
@@ -90,11 +101,12 @@
 					$values = $attributes[$name];
 					if (!is_array($values))
 						$values = array($values);
+					$casei = in_array(strtolower($name), $this->case_insensitive_attributes);
 					foreach ($values as $value){
 						if ($this->regex) {
-							$matched = preg_match($pattern, $value);
+							$matched = $casei ? preg_match(strtolower($pattern), strtolower($value)) : preg_match($pattern, $value);
 						} else {
-							$matched = ($value == $pattern);
+							$matched = $casei ? strcasecmp($value, $pattern) === 0 : ($value == $pattern);
 						}
 						if ($matched) {
 							$authorize = ($this->deny ? FALSE : TRUE);