AudienceRestriction tag for SAML


I am trying to connect IdentityServer as SP and Keycloak as IdP.
I have configured a Keycloak client and everything redirected to Keycloak and back to IdentityServer.
However, after redirect back to IdentityServer I have an exception:

Exception: SAMLResponse contains incorrect audience restriction

I know that there is a tag AudienceRestriction in SAML but I don’t know how to configure it in the Keycloak.

My question is: How to set up AudienceRestriction in Keycloak so it allows to my IdentityServer client use the response from Keycloak?

It could be done in ClientScope → Mappers