Access Manager Tree that supports Kerberos and Certificate node

With AM 7.1 I am trying to use a tree with Certificate and Kerberos nodes. Has anyone else managed to set this up successfully?
When I setup the Kerberos node so it’s before Certificates, sign-on using a desktop with Kerberos credentials succeeds but Certificate authentication never succeeds.
And the opposite, if I setup Certificates first, Kerberos authentication fails when no certificate is in our HTTP Header.

Hello Malex,

I need a little more information than this. And I am not clear of the use case however. Do you imply Kerberos is not trusted on its own, and neither is X509cert auth-n? Is this a typical pattern?

Also, What is the client, please?