Hi @jeff.ohrstrom,
Took really long time than expected, but I can confirm that creating metadata after swapping both ARG is working.
From my experience, most users would need this workaround as most ADFS systems return Attributes like “sAMaccountName” which is case-insensitive where as unix won’t like it.
Perhaps adding a section in the page with above info might help others.
Initially I configured SSSD to be case-insensitive, which didn’t work all the way (logs suggest my login was successful) because nginx failed to get lock on socket which is expected because PUN is started as REMOTE_USER.