Currently I'm trying to setup my Google Cloud organization to accept login from SSO using Keycloak. I've followed the documentation from Keycloak and from Google during the setup, but the setup isn't working. Can someone confirm if the client configuration is properly set? Anytime I login into the keycloak with the my test keycloak user in keycloak I get redirected to google authentication page and from there keycloak is out of the authentication. When I'm trying to login from Google Account login page, I can't get redirected to the sso, so basically the connection between Keycloak and Google isn't working properly.
Client Setup
Client ID - google.com/a/gcp-test2.com
Name - gcp-test2.com
Enabled ON
Consent Required OFF
Client Protocol - saml
Include AuthnStatement - ON
Include OneTimeUse Condition - OFF
Sign Documents - ON
Sign Assertions - ON
Signature Algorithm -RSA_SHA512
Force POST Binding - ON
Front Channel Logout - ON
Force Name ID Format - ON
Name ID Format - email
Root URL - empty
Valid Redirect URIs - empty
Base URL - /auth/realms/gcp-test2.com/protocol/saml/clients/gcp-test2.com?RelayState=true
Master SAML Processing URL - https://google.com/a/gcp-test2.com
IDP Initiated SSO URL Name - gcp-test2.com
Target IDP initiated SSO URL: https://fqdn/auth/realms/gcp-test2.com/protocol/saml/clients/gcp-test2.com
Assertion Consumer Service POST Binding URL - https://google.com/a/gcp-test2.com
SSO config on GCP side:
Login URL: https://fqdn/auth/realms/gcp-test2.com/protocol/saml/clients/gcp-test2.com?RelayState=true
Logout URL: https://fqdn/auth/
Use a domain-specific issuer - checked
Certificate is the one from the REALM certificate with public key.
