Setting the cookie is part of the authentication server, so there is no place in the policy or rule tracing where you can see MWG executing an explicit event for setting the cookie.
Do you have any chance to check with Firefox and the development tools if there is a Set-Cookie header returned by MWG?
You can go to the Firefox Settings - Developer Settings - Web Console and there should be a tab called "network analysis". Here you should see that MWG sets a cookie after the SAML authentication succeeded.
I've found the issue: The entry in the SAMLAuthResponseList was wrong. After that most of things are working now. Only for some specific ssl sites it seems that authentication is bypassed (facebook, google ). I've to dive deeper into this to find out what's happening there.