Here is what I did to solve the issue.
1. I extended org.jboss.security.auth.spi.BaseCertLoginModule and overrode the method getAliasAndCert() with my own implementation.
2. Use my extended LoginModule in place of BaseCertLoginModule in the login-config.xml file.
3. In the login-config.xml file, use both the username/password authentication login module and the subclassed BaseCertLoginModule.
4. In jboss-service.xml find the following entry
In that, change the values of the properties "DefaultCacheTimeout" and "DefaultCacheResolution" to zero. This is to disable the caching of security credentials, so that your certificate will be validated properly without caching.
I hope this will be helpful for anyone. If you need further details on my implementation of the getAliasAndCert() method, let me know. I will post the relevant portions of the code in the forum.
I have the same issue to solve. Could you please post the code of the getAliasAndCert() method? It would be very helpful. Thanks.