Cause 1: User-agent header sent to the IDP is not registered as one of “HTTP Authentication-enabled” clients. In most cases, in this scenario, the IDP replies sending to the KLA a simple HTML Form and HTTP Authentication negotiation process cannot be triggered. To solve this, you have to indicate in the “User-Agent to send during HTTP authentication” field, one of the User-agent string that is configured in your IDP.
Cause 2: Some IDPs like ADFS has extra protection to prevent Man-in-the-middle attacks. If your IDP has this option enabled, HTTP authentication will not work. If this is your case, try to use the Form-based authentication method.