What could be causing the auth cookie to not be generated despite the 'Generate cookie for authentication override' setting being enabled?

Why is the firewall falling back to the login page instead of using cookie-based authentication, despite 'Generate cookie for authentication override' being enabled on the Portal and 'Accept cookie for authentication override' being enabled on the Gateway?

When “Generate cookie for authentication override” is enabled on either the Portal or the Gateway, a cookie is issued to the client upon successful authentication via the configured Authentication Profile. However, when client certificate-based authentication is used with the “username” field, the userauthcookie will not be generated.