I have a Spring Boot application integrated with Keycloak SAML using the Spring SAML extension.
I am able to authenticate successfully using SP-initiated authentication.
From the SP metadata.xml, I copied the AssertionConsumerService binding URL and added it to the Assertion Consumer Service POST Binding URL field in the Fine Grain SAML Endpoint Configuration section in Keycloak.
I also added the IDP-initiated SSO URL name. It displayed a target URL, and when calling this URL, I'm able to do IDP-initiated login.
I hope this is it. Will post if I find any issues.
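
The steps described above, as an added example that is not part of the original post: it reads the HTTP-POST AssertionConsumerService URL from SP metadata and builds the two Keycloak SAML client attributes plus the target URL Keycloak displays. The metadata, host names, realm `demo` and URL name `my-sp` are constructed, and the https-only check is an added assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata (sample values, not taken from the original post).
SAMPLE_SP_METADATA = """<md:EntityDescriptor entityID="com:example:sp"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.com/saml/SSO"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def post_acs_url(metadata_xml):
    """Return the HTTP-POST ACS Location, preferring the default endpoint."""
    root = ET.fromstring(metadata_xml)
    acs = [e for e in root.iter(MD + "AssertionConsumerService")
           if e.get("Binding") == POST]
    if not acs:
        raise ValueError("SP metadata has no HTTP-POST AssertionConsumerService")
    acs.sort(key=lambda e: (e.get("isDefault") != "true", int(e.get("index", "0"))))
    url = acs[0].get("Location", "")
    # Added assumption: assertions should only ever be posted to an https endpoint.
    if urlsplit(url).scheme != "https":
        raise ValueError("ACS URL is not https: %r" % url)
    return url


def idp_initiated_settings(metadata_xml, keycloak_base, realm, url_name):
    """Build the Keycloak client attributes and the IdP-initiated target URL.

    keycloak_base is the server root (older releases include a trailing /auth).
    """
    return {
        # A Keycloak SAML client ID has to match the SP entityID.
        "clientId": ET.fromstring(metadata_xml).get("entityID"),
        "attributes": {
            "saml_assertion_consumer_url_post": post_acs_url(metadata_xml),
            "saml_idp_initiated_sso_url_name": url_name,
        },
        "target_url": "%s/realms/%s/protocol/saml/clients/%s" % (
            keycloak_base.rstrip("/"), quote(realm, safe=""), quote(url_name, safe="")),
    }
```

With IdP-initiated login the SP receives an unsolicited response, so the POST binding URL configured here is the only place Keycloak will send the assertion for this client.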