I am trying to connect IdentityServer as SP and Keycloak as IdP.
I have configured a Keycloak client and everything redirected to Keycloak and back to IdentityServer.
However, after redirect back to IdentityServer I have an exception:
Exception: SAMLResponse contains incorrect audience restriction
I know that there is a tag AudienceRestriction in SAML but I don’t know how to configure it in the Keycloak.
My question is: How to set up AudienceRestriction in Keycloak so it allows to my IdentityServer client use the response from Keycloak?