Some more info (another prove that sssd does not derive the public key from the user certificate): /usr/bin/sss_ssh_authorizedkeys IIN32000000001 when I am using only userCertificate;binary attribute (with the binary value of the certificate) is not giving any output, while when I am using the userCertificate attribute associated with the value of the public key (when the PKI authentication works fine) /usr/bin/sss_ssh_authorizedkeys IIN32000000001 outputs the public key of the user which proves the oposite situation when using public key (wether used along with certificate or not; in cases when user certificate is used along with public key it gets mapped in sssd but it is not validated or compared to the public key - I already mentioned this, and the authentication using the private/public key pair work fine which is not fine :) )
I am just trying to give as much information in order to solve this problem. Sorry for the spam.
BR, Hristina