Specifically, we don't have an easy (or any?) way to load the certificate subject via a user principal into the AuthorizationContext.
The work in
SOLR-10814 would also be good here, since the subject can have much more than just the CN, for example it can have locations and organizational units. C=US, ST=California, L=San Francisco, O=Wikimedia Foundation, Inc., CN=*.wikipedia.org