You can use X.509 certificates for client authentication.
There are many other options like HTTP Basic, HTTP Digest, HTTP Header, Kerberos..
Yes,OAG supports the client authentication based on X.509 certificate.
You can use the SSL filter and “Authentication By Attribute” filter .
Let me know if you need more detail.