User's login is not possible as the user's PIV certificate does not get populated in the PAM client. Refer to the login screen below, note there is know PIV certificate to select for the login connection..
1. A new PIV card assigned to this user that cannot login.
2. A new PAM client was installed on the user's laptop.
Release : 3.x, 4.x
a. PAM client installed on user's laptop in a filesystem location where the user does not have required write privileges.
b. Use's laptop may not have all Trusted Root certificates
c.. May need to update the certificate chain in the PAM appliance as User's PIV certificate may be using a newer CA certificate that is not currently trusted by PAM.
The user had installed the PAM client in the windows "Program Files" location where PAM did not have appropriate write privileges. Once the PAM client was re-installed in user's user profile location the issue was resolved as PIV certificate to establish the user's identity is populated and is selectable for login.