Hello and thanks to everyone for the help.
The original problem was to be able to validate a user based on the client certificate.
The first thing I did was create the certificates for my PoC.
#> openssl req -newkey rsa:2048 -nodes -keyout centos7.shared.key -x509 -days 365 -out centos7.shared.crt
With the CRT I register it in Tasks -> Certificates, Keys and Secrets -> Manages Certificates. (Remember that this certificate is "Trust Anchor").
Then I create my PoC API.
I create an IdP in the Identity Providers tab, with the following characteristics.
.- Type : X.509 Certificate
.- Do not assign Trusted Certificate, press next and ok to the warning.
.- Certificate validation: Validate certificate path.
On this IdP create a federated user. In the wizard include your DN, and select additional properties to add the certificate associated with this user, a warning is generated to write the DN, press OK.
If you test the API with postman including the certificates everything works correctly