If it's being used as the former (a smartcard), this would register as a Digital Certificate inthe MS IE CAPI certificate store, and you would configure ther PIX/ASA for certificate based authentication for users. Once certificate authentication is configured, all WebVPN users must presently authenticate with certificate. If it's an OTP type of device, then this would require setting up the PIX/ASA to PROXY to RADIUS and a RADIUS server capable of communicating with the eAladdin server.
Try this link:
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/certs.htm