After RSE daemon validates the certificate, as described in Certificate validation, it is processed for authentication. The certificate is passed on to your security product for authentication, unless rsed.envvars directive enable.certificate.mapping is set to FALSE , at which point RSE daemon will do the authentication.
If successful, the authentication process will determine the user ID to be used for this session, which is then tested by RSE daemon to ensure it is usable on the host system where RSE daemon is running.
#_RSE_JAVAOPTS="$_RSE_JAVA_OPTS -Denable.certificate.mapping=false"
Use your security software to authenticate a logon with a X.509 certificate. The default is true. Uncomment this option to have RSE daemon do the authentication without relying on the X.509 support of your security software.