The Fortiauthenticator can be configured to authenticate user via smartcard. A user certificate is bound to the user and exported from the FortiAuthenticator so it can be placed on the smartcard.
First make sure a user is created and Radius authentication is allowed.
Now that a user exists, create a new user certificate associated with the desired local user, this will also bind this certificate to the user.
next export the certificate in pkcs12 format, this file will be imported into the Fortitoken 300 or other smartcard.
The wireless controller will need to be authorized as a client on the Fortiauthenticator. The client IP and the shared secret are most important.