diff --git a/pkg/api/keystone/keystone_requests.go b/pkg/api/keystone/keystone_requests.go
index 582b11da4e097..7e590388ffd6f 100644
--- a/pkg/api/keystone/keystone_requests.go
+++ b/pkg/api/keystone/keystone_requests.go
@@ -220,6 +220,7 @@ func authenticate(data *Auth_data, b []byte) error {
 	data.Expiration = auth_response.Token.Expires_at
 	data.Roles = auth_response.Token.Roles
 	data.DomainId = auth_response.Token.User.Domain.Id
+	data.Username = auth_response.Token.User.Name
 
 	return nil
 }
diff --git a/pkg/login/keystone.go b/pkg/login/keystone.go
index 4ca3dd738f855..6c4d3cc98f82e 100644
--- a/pkg/login/keystone.go
+++ b/pkg/login/keystone.go
@@ -37,7 +37,7 @@ func (a *keystoneAuther) login(query *LoginUserQuery) error {
 
 	log.Trace("perform initial authentication")
 	// perform initial authentication
-	if err := a.authenticate(query.Username, query.Password); err != nil {
+	if err := a.authenticate(query); err != nil {
 		return err
 	}
 
@@ -56,12 +56,12 @@ func (a *keystoneAuther) login(query *LoginUserQuery) error {
 
 }
 
-func (a *keystoneAuther) authenticate(username, password string) error {
-	user, _ := keystone.UserDomain(username)
+func (a *keystoneAuther) authenticate(query *LoginUserQuery) error {
+	user, _ := keystone.UserDomain(query.Username)
 	auth := keystone.Auth_data{
 		Server:   a.server,
 		Username: user,
-		Password: password,
+		Password: query.Password,
 		Domain:   a.domainname,
 	}
 	if err := keystone.AuthenticateUnscoped(&auth); err != nil {
@@ -69,6 +69,7 @@ func (a *keystoneAuther) authenticate(username, password string) error {
 	}
 	a.token = auth.Token
 	a.domainId = auth.DomainId
+	query.Username = auth.Username // in case the actual username is a different case
 	return nil
 }