asomnet-sysadm
Explorer
January 27, 2025
Question

Automatic firmware update, clients now say Credential or ssl vpn configuration is wrong (-7200)


Hi,

Our FG200 firewall cluster auto-updated last night, and now we have several Win11 clients failing with the following error:
Credential or ssl vpn configuration is wrong (-7200)

Checking "Use external browser as user-agent for saml user authentication" solved the problem. Any ideas why this might have happened and if there's an easy fix? We don't know how many clients are affected yet and it would be much better if we can change something on the firewall side to resolve the problem, instead of having to change settings on all Win11 clients.

5 replies

AEK
SuperUser
January 27, 2025

Hi

Is it SSL VPN?

Is VPN user authenticated with RADIUS?

AEK
JL1
New Member
January 27, 2025

Greetings,
Assuming the referenced upgrade was v7.0.16 to 7.0.17 and FortiClient 7.4.x (if not, this can be disregarded).
There was a change note in 7.0.17:

1101837: Insufficient Session Expiration in SSLVPN using SAML authentication.

This seems to have had some negative effect.
I'd opened a support ticket and they essentially told me that 7.0.x was EOES and could not guarantee a solution. Ended up pushing to 7.2.10 and this issue was no longer observed.
There's another thread here: https://community.fortinet.com/t5/Support-Forum/7-0-17-breaking-SAML/m-p/371425#M261521

dingjerry_FTNT
Staff
January 27, 2025

Hi @asomnet-sysadm,

It's better to provide the firmware version info.

MZBZ
Staff
February 1, 2025

You should plan on upgrading to FortiOS 7.4.7 and, most importantly, migrate to IPsec IKEv2 VPN...

asomnet-sysadm
Explorer
February 3, 2025

Sorry, I forgot to mention the software version. We upgraded from 7.0.14 to 7.4.6 and all was fine, but for some reason auto-updates were automatically enabled, so one night the firewall upgraded from 7.4.6 to 7.4.7, and it was after this auto-update that the clients started failing. After checking "Use external browser as user-agent for saml user authentication", it started working again. No idea what happened though. Upgrading the client to the latest version wouldn't help either.