I was recently referred to a link on people.wikimedia.org which required logging in using SSO. As described in T279832#6992542, I was originally given access using the username "huji" but when I logged in successfully as "Huji" I got a permission denied error. @Urbanecm had to add me also as "Huji" with upper case H so that I could log in. Presumably, I could have accessed that resource if I had entered my username as "huji" when I logged in.
The point is, if the login box allows me to enter either of those and log in successfully, any underlying permission check should also gracefully handle it. In this case, it did not.