SAML error - Unable to extract public key


I’m trying to configure a saml connection from keycloak to nextcloud following this guide (Janik von Rotz - Configure SAML Authentication for Nextcloud with Keycloack). But after configuring it and trying to login nextcloud says:

Account not provisioned.

Your account is not provisioned, access to this service is thus not possible.

The nextcloud logs say:
supplied parameter cannot be coerced into an X509 certificate!

I already verified that all my certs are ok… it seems that nextcloud can’t read them somehow…

Any help would be appreciated, thaks