We are using PKI for authentication and have no problems.
When the user is prompted for their certificate, they have to select either their email certificate or identity certificate. Does anybody know how to make IIS prompt the user for just their identity certificate (or email if we decide to use that). I see some sites that do this, but I've never figured out how to do it with IIS.