The result of an identity policy can reference results of one of the following kinds
- identity store (for password based authentication)
- certificate authentication profile (for certificate based authentication)
The error you are seeing is when a password based authentication request is received but the result of the selected identity policy is a certificate authentication profile
If you want the identity policy to support both methods I think what you need to do is create an identity sequence. (Users and Identity Stores >Identity Store Sequences > Create)
- Select "Certificate Based" option and then the Certificate Authentication Profile
- Select "Password Based" and then the identity stores to be used for authentication
Then select the identity sequence as the result in the identity policy