When attempting SSO login via ADFS, the ADFS login page stalls. When redirected to vCenter, the error "[400] Unable to authenticate. Check your credentials. If problem persists, contact your administrator" appears.

In vsphere_client_virgo.log, apigw.log, or trustmanagement-svcs.log:   Error 526

vCenter 8.x

Invalid certificate chain for ADFS certificate in vCenter Certificate Management. 

Add the valid Root and Intermediate certificates for the ADFS certificate to vCenter > Administration > Certificate Management > Trusted Roots.

Restart vCenter services.