After upgrading a FortiGate to 7.2.12, 7.4.9 or 7.6.4, SAML authentication (e.g. for IPsec or SSL VPN) no longer works. The authentication process takes a very long time and then ends in a timeout.
The reason is that Fortinet has started to verify the signature of the SAML response message. If the IdP is not signing its SAML responses, authentication will fail after this upgrade.
This new behavior has been documented in the release notes, e.g. https://docs.fortinet.com/document/fortigate/7.4.9/fortios-release-notes/684249/saml-certificate-verification.
An example of the required configuration in Entra is available here: https://docs.fortinet.com/document/fortigate/7.4.9/administration-guide/736845/saml#Identity_providers
