I am struggling to find documentation or advice describing usage of the SAML Bearer Assertion Flow with Keycloak. The grant type is grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer. Alternatively, any information on configuring Token Exchange with Keycloak would be appreciated, as the flow seems similar enough (while the rules of trusting the 3rd party token are surely different).
I would like Keycloak to verify the presented SAML assertion in the OIDC / OAuth2 token endpoint, and issue corresponding access / id tokens for the user the assertion was issued for. Any example of a working configuration would be highly appreciated.