Are we asking, if in the incoming SAML Assertion, the NameID attribute contains "XYZ" or "Xyz or "xyz". Then CA SSO should disambiguate as per whatever is the case of the value in NameID attribute? If Yes, I am thinking CA SSO just does that OOB. CA SSO relies on the UD's ability to disambiguate / differentiate "XYZ" or "Xyz or "xyz" and return success or failure based on a perfect match.
Please suggest if the use case mentioned above is what was expected, so that we are on the same page to begin with.
Regards
Hubert