Net iD - Java
An integration based on Jave is not a separate integration path, you can chose
to work with either the SunPKCS11 Provider or the The SunMSCAPI Provider. Maybe
you will find SunPCSC useful as well.

More reading can be found here
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
Bug in JRE
(maybe solved by now...?)
If you want to download av applet from a webpage protected by mutual SSL/TLS you
will have some trouble. Jave does not inherit the session from the browser (as
in JRE 1.3 or older). Instead it want to establish it's own session with it's
own certificate selection dialog. And in this case it handles key in a strange
way (bug!).

Try changing
[CSP]
AcceptBothKeySet=0
to
[CSP]
AcceptBothKeySet=1