I don’t have time to write full instructions, but the early problems we ran into had to do with the “client id”. Based on your error, perhaps you are running into the same issue.
The SAML client id needs to be “https://<fqdn>/samlConnectors/getMetadata”. We discovered this through experimentation and by examining the error logs.
