Extract identity from the Subject DN of the TLS certificate from the connection peer

The claimed identity of the requester is extracted from the TLS client certificate from the handshake.

To define this identity extraction method, the AAA policy needs the validation credentials for the signing certificate. The validation credentials verify this certificate.