SubjectCNMapper is not invoked with CertificatesRoles login-module in EAP6

Issue

• SubjectCNMapper is not invoked with CertificatesRoles login-module

  • When using the CertRolesLoginModule to perform CLIENT_CERT authentication with EAP 6.0.1.

  • With a configured security-domain that maps SubjectCNMapper to a value of CN in the certificate, (instead of DN to a Principal).

      <security-domain name="mySecurityDomain" cache-type="default">
        <authentication>
          <login-module code="CertificateRoles" flag="required">
            <module-option name="securityDomain" value="mySecurityDomain"/>
            <module-option name="verifier" value="org.jboss.security.auth.certs.AnyCertVerifier"/>
            <module-option name="rolesProperties" value="${project.build.outputDirectory}/config/roles.properties"/>
          </login-module>
        </authentication>
        <mapping>
          <mapping-module code="org.jboss.security.mapping.providers.principal.SubjectCNMapper" type="principal" />
        </mapping>                   
        <jsse truststore-url="${project.build.outputDirectory}/config/ServerTrustStore.jks"
                          truststore-password="password"
                          truststore-type="jks" client-auth="true"
                          keystore-url="${project.build.outputDirectory}/config/ServerKeyStore.jks"
                          keystore-password="password"
                          keystore-type="jks"
                          />
      </security-domain>