Hi Stian,
I'm trying integrate Keycloak a Google Apps domain since July this year, but I don't have sucess, in attached following my client json for check, because this part of SAML don't send correct to Google Apps:
| Element | <Audience> |
|---|
| Description | URI that identifies the intended audience which requires the value of ACS URI. Note: element value cannot be empty |
|---|
| Required Value | https://www.google.com/a/<yourdomain.com>/acs |
|---|
| Example | <saml:Conditions
NotBefore="2014-11-05T17:31:37Z"
NotOnOrAfter="2014-11-05T17:37:07Z"
<saml:AudienceRestriction>
<saml:Audience>https://wwww.google.com/a/yourdomain.com/acs<saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions |
|---|