RHPAM + RHSSO/KEYCLOAK -> Login failed: Not Authorized

So I’m integrating RHSSO (based on keycloack) with RH Business Central (RHPAM) as authoring instance and no matter what I do after it redirects from the RH-SSO login page to the target/landing page of the RHPAM/BusinessCentral I always get the Login failed: Not Authorized

I have already followed the steps detailed here but still no-go; has anyone come across this before?