I am using z/OS RACF as the security registry in Liberty on z. SSL is configured and requires client authentication. The handshake works well, but it failed to get a userID from the certificate. From https://www.ibm.com/support/knowledgecenter/SS7K4U_liberty/com.ibm.websphere.wlp.zseries.doc/ae/twlp_sec_clientcert.html:

Step 6: Make sure any client certificates used for client authentication are mapped to a user identity in your registry.

For the basic registry, the user identity is the common name (CN) from the distinguished name (DN) of the certificate. For a Lightweight Directory Access Protocol (LDAP) registry, the DN from the client certificate must be in the LDAP registry.

Basic registry and LDAP are described, but what happens when I use RACF as my Liberty security registry? From my test, it's not working; the userid cannot be obtained.

Does anybody know whether it is supported and, if so, how to get the userid from the cert?
