Enable X.509 auth fails

I’ve deployed Spinnaker to an AKS cluster using the helm chart. I’ve enabled SSL as described in the documentation. The problem is when I enable X.509 auth. When accessing the UI endpoint from the browser I get a pop-up asking for a username and password, instead of asking for a client certificate. No other auth method is enabled. Any ideas why?