Before you begin
Review the conceptual information and attribute options for a user name mapper. See Configuring a User Name Mapper
The default user name mapping class only validates that a certificate has not expired. If you require additional validation, you need to write your own user name mapping class. Writing your own user name mapping class also allows you to specify what attribute in the subject DN of the certificate is used to map to the user name. See Configure a custom user name mapper.
To use the default user name mapper: