When an admin user tries to login to the FortiGate's administrative GUI using SAML authentication, the login fails with an error 'Authentication failure' as seen in the screenshot below.

 
The following debugs can be run on the FortiGate while trying to authenticate on the administrative GUI:

diagnose debug console timestamp enable

diagnose debug application http_authd -1

diagnose debug enable

To stop the debugging:

   diagnose debug disable

   diagnose debug reset

The error 'Failed to create admin session -1' will be seen in the debugs on the FortiGate:

2026-01-07 14:14:01 [http_authd 3310 - 1767816841 info] http_authd_saml_sp_acs_handler[1100] -- SSO
admin successfully logged in.
2026-01-07 14:14:01 [http_authd 3310 - 1767816841 info] http_authd_request_handler[630] -- Successfu
lly handled "SAML SP" request.
2026-01-07 14:14:01 [http_authd 3310 - 1767816841 info] http_authd_request_handler[669] -- ---------
--------------------------------------
2026-01-07 14:14:02 [http_authd 3310 - 1767816842 info] http_authd_handler_main_loop[790] -- Receive
d "pre-login stat" request (seq: 42843) from 10.214.134.5 (128 bytes)
2026-01-07 14:14:02 [http_authd 3310 - 1767816842 info] http_authd_request_handler[612] -- =========
======================================
2026-01-07 14:14:02 [http_authd 3310 - 1767816842 info] http_authd_request_handler[630] -- Successfu
lly handled "pre-login stat" request.
2026-01-07 14:14:02 [http_authd 3310 - 1767816842 info] http_authd_request_handler[669] -- ---------
--------------------------------------
2026-01-07 14:14:02 [http_authd 3310 - 1767816842 info] http_authd_handler_main_loop[790] -- Receive
d "validate session" request (seq: 42844) from x.x.x.x (187 bytes)
2026-01-07 14:14:02 [http_authd 3310 - 1767816842 info] http_authd_request_handler[612] -- =========
======================================
2026-01-07 14:14:02 [http_authd 3310 - 1767816842 warning] authorize_external_request[1162] -- Login is
still in-progress for external request (GUI login) from x.x.x.x
2026-01-07 14:14:02 [http_authd 3310 - 1767816842 info] http_authd_validate_session_handler[1377] --
Request from external authorized.
2026-01-07 14:14:02 [http_authd 3310 - 1767816842 info] http_authd_request_handler[630] -- Successfu
lly handled "validate session" request.
2026-01-07 14:14:02 [http_authd 3310 - 1767816842 info] http_authd_request_handler[669] -- ---------
--------------------------------------
2026-01-07 14:14:04 [http_authd 3310 - 1767816844 info] http_authd_handler_main_loop[790] -- Receive
d "login" request (seq: 42845) from 10.214.134.5 (179 bytes)
2026-01-07 14:14:04 [http_authd 3310 - 1767816844 info] http_authd_request_handler[612] -- =========
======================================
2026-01-07 14:14:04 [http_authd 3310 - 1767816844 info] http_authd_login_handler[2298] -- post-login
banner accepted.
2026-01-07 14:14:04 [http_authd 3310 - 1767816844 info] http_authd_login_set_admin_session[406] -- V
DOM updated to 'root'
2026-01-07 14:14:04 [http_authd 3310 - 1767816844 error] http_authd_login_handler[2391] -- Failed to
create admin session -1

As a workaround, disable 'post-login-banner' in the CLI to allow the administrator to login.

config system global 

    set post-login-banner disable

end

Note: While the workaround and symptoms are similar to Troubleshooting Tip: Unable to log in to the FortiGate GUI after upgrading to 7.6.4, this is a different problem impacting SAML configurations.

Fortinet is currently tracking this issue as a bug (1237463) with the intention to fix the problem in a future release of FortiOS 7.6 and the upcoming FortiOS 8.0 release.