I'm having exactly the same problem. I try to accomplish two different login types, one with the basic login form and one over a client certificate.
Does nobody has a clue how to combine client certificates with seam security?
I have a working app that has two different login types (online bank) and it works without problems!
The biggest problem was not the seam itself but apache infront of jboss that had to send certificate properly!
What kind of setup do you run you application exactly? where is ssl terminated? Jboss? apache? proxy?