Bug
Resolution: Done
Major
JBossAS-4.0.3 SP1
None
org.jboss.security.auth.certs.SubjectDNMapping returns a Principal that is non-serializable. However, Principal objects should be serializable when used in JAAS (http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html#Principals).
org.jboss.security.auth.certs.SubjectDNMapping is implemented to return Principal using X509Certificate's getSubjectDN(). The problem can be fixed by changing it to return Principal using getSubjectX500Principal().
This change is sensible also in the light of JDK 1.5 documentation, which states that getSubjectDN() should not be used, because it gives no guarantees as to what kind of Principal is actually returned.
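The difference between the two accessors can be checked directly. The following is an added example, not JBoss code: the class name `SubjectPrincipalCheck` and the helpers `toPrincipal`, `serializes` and `report` are hypothetical, using the first certificate of the chain is an assumption, and the sample certificate is taken from the JRE's default trust store so the program runs offline.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class SubjectPrincipalCheck {

    // Hypothetical stand-in for a certificate-to-principal mapping.
    // Assumption: the first certificate in the chain is the one to map.
    static Principal toPrincipal(X509Certificate[] chain) {
        return chain[0].getSubjectX500Principal();
    }

    // True when the object can be written with Java serialization.
    static boolean serializes(Object o) {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(o);
            return true;
        } catch (IOException e) { // NotSerializableException is an IOException
            return false;
        }
    }

    static void report(String label, Principal p) {
        System.out.printf("%-28s %-42s serializable=%b%n",
                label, p.getClass().getName(), serializes(p));
    }

    public static void main(String[] args) throws Exception {
        // Sample input: any certificate from the JRE's default trust store.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509Certificate cert = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] issuers = ((X509TrustManager) tm).getAcceptedIssuers();
                if (issuers.length > 0) { cert = issuers[0]; break; }
            }
        }
        if (cert == null) throw new IllegalStateException("default trust store is empty");

        // Runtime class and serializability of each accessor's result.
        report("getSubjectDN()", cert.getSubjectDN());
        report("getSubjectX500Principal()", toPrincipal(new X509Certificate[] { cert }));
    }
}
```

The class printed for `getSubjectDN()` depends on the JDK and security provider in use, while `getSubjectX500Principal()` always returns `javax.security.auth.x500.X500Principal`, which implements `java.io.Serializable`.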