Currently, the pattern for allowed usernames in Syncope is fixed to [a-zA-Z0-9-_@. ]+ (see AccountPolicyEnforcer). There are use cases for which this pattern does not fit (e.g. if one uses email addresses as usernames, e.g. the character '+' is also valid).
I'd suggest making the username pattern configurable via the account policy. See also the corresponding discussion on the mailing list starting with .