Our application does work with Okta, so I assume that it's a configuration problem with how i've setup Keycloak.
19:40:18,010 DEBUG [io.undertow.request] (default I/O-1) Matched prefix path /auth for path /auth/realms/PLM-NSX/protocol/saml
19:40:18,011 DEBUG [io.undertow.request.security] (default task-7) Attempting to authenticate /auth/realms/PLM-NSX/protocol/saml, authentication required: false
19:40:18,012 DEBUG [io.undertow.request.security] (default task-7) Authentication outcome was NOT_ATTEMPTED with method io.undertow.security.impl.CachedAuthenticatedSessionMechanism@34d5a40a for /auth/realms/PLM-NSX/protocol/saml
19:40:18,012 DEBUG [io.undertow.request.security] (default task-7) Authentication result was ATTEMPTED for /auth/realms/PLM-NSX/protocol/saml
19:40:18,012 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-7) new JtaTransactionWrapper
19:40:18,012 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-7) was existing? false
19:40:18,014 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-7) RESTEASY002315: PathInfo: /realms/PLM-NSX/protocol/saml
19:40:18,042 DEBUG [org.keycloak.protocol.saml.SamlService] (default task-7) SAML GET
19:40:18,043 DEBUG [org.keycloak.saml.SAMLRequestParser] (default task-7) SAML Redirect Binding
19:40:18,043 DEBUG [org.keycloak.saml.SAMLRequestParser] (default task-7) <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<saml2p:AuthnRequest
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
ID="app1-172.xx.xxx.xxx"
Version="2.0"
IssueInstant="2021-07-09T19:40:17Z"
AssertionConsumerServiceIndex="1">
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
<saml2p:NameIDPolicy
AllowCreate="false"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"/>
</saml2p:AuthnRequest>
19:40:18,044 ERROR [org.keycloak.saml.common] (default task-7) Error in base64 decoding saml message: java.lang.RuntimeException: PL00062: Parser : Unknown tag:Assertion::location=org.codehaus.stax2.XMLStreamLocation2$1@5c22e7c2
19:40:18,048 DEBUG [freemarker.cache] (default task-7) Couldn't find template in cache for "template.ftl"("en_US", UTF-8, parsed); will try to load it.
19:40:18,049 DEBUG [freemarker.cache] (default task-7) TemplateLoader.findTemplateSource("template_en_US.ftl"): Not found
19:40:18,049 DEBUG [freemarker.cache] (default task-7) TemplateLoader.findTemplateSource("template_en.ftl"): Not found
19:40:18,049 DEBUG [freemarker.cache] (default task-7) TemplateLoader.findTemplateSource("template.ftl"): Found
19:40:18,049 DEBUG [freemarker.cache] (default task-7) Loading template for "template.ftl"("en_US", UTF-8, parsed) from "file:/opt/jboss/keycloak/themes/base/login/template.ftl"
19:40:18,102 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-7) MessageBodyWriter: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey
19:40:18,102 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-7) MessageBodyWriter: org.jboss.resteasy.plugins.providers.StringTextStar
19:40:18,102 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-7) MessageBodyWriter: org.jboss.resteasy.plugins.providers.StringTextStar
19:40:18,102 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-7) Interceptor Context: org.jboss.resteasy.core.interception.ServerWriterInterceptorContext, Method : proceed
19:40:18,102 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-7) WriterInterceptor: org.jboss.resteasy.security.doseta.DigitalSigningInterceptor
19:40:18,102 DEBUG [org.jboss.resteasy.security.doseta.i18n] (default task-7) Interceptor : org.jboss.resteasy.security.doseta.DigitalSigningInterceptor, Method : aroundWriteTo
19:40:18,102 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-7) Interceptor Context: org.jboss.resteasy.core.interception.ServerWriterInterceptorContext, Method : proceed
19:40:18,102 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-7) MessageBodyWriter: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey
19:40:18,102 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-7) MessageBodyWriter: org.jboss.resteasy.plugins.providers.StringTextStar
19:40:18,103 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-7) JtaTransactionWrapper commit
19:40:18,103 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-7) JtaTransactionWrapper end
19:40:18,103 WARN [org.keycloak.events] (default task-7) type=LOGIN_ERROR, realmId=PLM-NSX-DGM, clientId=null, userId=null, ipAddress=10.xxx.x.xx, error=invalid_token
19:40:18,104 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-7) RESTEASY009525: onComplete