diff --git a/tests/unit/oidc/models/test_github.py b/tests/unit/oidc/models/test_github.py
index 6591586609f1..43ae5fc346f4 100644
--- a/tests/unit/oidc/models/test_github.py
+++ b/tests/unit/oidc/models/test_github.py
@@ -417,6 +417,8 @@ def test_github_publisher_job_workflow_ref(self, claim, ref, sha, valid, expecte
 [
 ("repo:foo/bar", "repo:foo/bar:someotherstuff", True),
 ("repo:foo/bar", "repo:foo/bar:", True),
+ ("repo:fOo/BaR", "repo:foo/bar", True),
+ ("repo:foo/bar", "repo:fOo/BaR:", True),
 ("repo:foo/bar:someotherstuff", "repo:foo/bar", False),
 ("repo:foo/bar-baz", "repo:foo/bar", False),
 ("repo:foo/bar", "repo:foo/bar-baz", False),
diff --git a/warehouse/oidc/models/github.py b/warehouse/oidc/models/github.py
index 9fde7e99c100..643439d04ca6 100644
--- a/warehouse/oidc/models/github.py
+++ b/warehouse/oidc/models/github.py
@@ -91,7 +91,12 @@ def _check_sub(ground_truth, signed_claim, _all_signed_claims):
 if len(components) < 2:
 return False
- return f"{components[0]}:{components[1]}" == ground_truth
+ org, repo, *_ = components
+ if not org or not repo:
+ return False
+ # The sub claim is case-insensitive
+ return f"{org}:{repo}".lower() == ground_truth.lower()
 class GitHubPublisherMixin:
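Review bot: The two new parametrizations only show that case folding accepts an otherwise exact match; there is no negative case proving that folding does not widen the match beyond the `owner/name` boundary, which is the property a publisher check must keep. A mixed-case counterpart of the existing rejection cases would pin that down, e.g. `("repo:foo/bar", "repo:fOo/BaR-baz", False)` and `("repo:fOo/BaR-baz", "repo:foo/bar", False)`. The parametrize list and the test function it decorates both extend outside the hunk, so the expectation column may be checked differently than the `True`/`False` values suggest.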
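Review bot: The names in `org, repo, *_ = components` do not match what the values hold: judging by the existing cases where `"repo:foo/bar:someotherstuff"` matches ground truth `"repo:foo/bar"`, `components[0]` is the literal `repo` prefix and `components[1]` is the `owner/name` pair, so `org` is never an organisation and `repo` is not just a repository. Renaming to `prefix, repository, *_ = components`, `if not prefix or not repository:` and `return f"{prefix}:{repository}".lower() == ground_truth.lower()` keeps the logic and stops a later reader from treating `org` as the owner. The comment `# The sub claim is case-insensitive` would be more useful stating the reason, presumably that GitHub owner and repository names are case-insensitive, so the stored ground truth and the token's rendering of the same repository can differ only in case. How `components` is derived from `signed_claim` lies above the hunk, so the prefix/pair reading is inferred from the tests rather than from visible code.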