After trying for a while to make the subject working I gave up and turned to the BizTalk product team. It was confirmed that SOAP adapter would not populate message context with client certificate as HTTP adapter does and the new bug was filed. Apparently, it's pretty major fix and won't probably make it to the RTM. The alternative is to use resolution by SecurityID (AllowByCert=false; AllowBySID=true in the pipeline's party resolution component). The client certificate mapping to windows accounts ......