Keycloak Not promoting for Cert after setting up x509 browser flow

We are trying to configure Keycloak to allow Common Access Card (CaC) SSO and have followed the steps described in the keycloak documentation (Server Administration Guide) but when we go to the login page, we are not prompted for a cert and can only use user/password. Any thoughts on why this is happening? we are on version 20.0.3 which is inside a docker container.