X509EvidenceVerifier.SubjectDnCertificateVerifier verifies Subject DN based on String.equals method [1]. It means that valid Subject DN can be incorrectly denied because it includes (or does not include) space before comma etc.

Example:
When passed certificate includes DN CN=user,OU=EAP QE,... and LDAP entry includes entry with attribute value CN=user, OU=EAP QE, ... then it is not successfully verified.

[1] https://github.com/wildfly-security/wildfly-elytron/blob/889b2a5d3ed4fbcc759418105535cd4735c46d90/src/main/java/org/wildfly/security/auth/realm/ldap/X509EvidenceVerifier.java#L127