2523632 - SMP x.509 certificate authentication fails with 401, SSL_CLIENT_CERT header is specified but the user is not granted "Impersonator" role" error messages

SMP is configured to use x.509 certificate authentication provider to authenticate mobile users, but the authentication fails with the below error messages:

Fetching security context failed for: 'null'
No AuthenticationEntryPoint was set during login attempt. Falling back to HTTP 401 + WWW-Authenticate 
"Authentication failed. SSL_CLIENT_CERT header is specified but the user is not granted "Impersonator" role"
Authentication Failed for: 'null'
Authentication failed for user null
CheckIfSessionExists returned false. Was logged out due to webapp switch false
authfilter-1: Security Configuration set to: '<AuthProfileName'
front-end-https: On
connection: close
content-length: 518
clientprotocol: https
Cookie: sapextlb_OQ5=SAP_WDISP_EXTSRV_0_F5DC34442BBB7C99 Expires: -1, Domain: null, Secure: false, HttpOnly: false
user-agent: Dalvik/2.1.0 (Linux; U; Android 7.0; Android SDK built for x86 Build/NYC)
ssl_client_cert: -----BEGIN CERTIFICATE----- <cert> -----END CERTIFICATE-----
ssl_cipher_usekeysize: 256
ssl_cipher_suite: ECDHE-RSA-AES256-GCM-SHA384
x-forwarded-for: 194.68.2.130
x-forwarded-proto: https
POST /odata/applications/v4/<>/Connections/ HTTP/1.1
host: test.ifa.mt.com
accept: */*
content-type: application/atom+xml;charset=utf-8

 SAP Mobile Platform (SMP) 3.0 OData Runtime

x.509, x509, xml, cert, certificate, authentication, subjectDN, distinguished name, dn, cn, 401, 403, not authenticated, fail, fails, failed , KBA , MOB-ONP-SEC , SAP Mobile On Premise Security , Problem