When using client-cert authentication with authorization and the common-name-role-mapper, the common-name -> permission mapping results in a request being rejected even if the common-name is associated with a role that should be able to perform the operation e.g. "admin".