AES-128-GCM is currently (as of Dec. 2024) unsupported by Keycloak for SAML encryption, per Keycloak#14464:

... our SAML encryption always uses "http://www.w3.org/2001/04/xmlenc#aes128-cbc" as the encryption for encrypting SAML assertions etc. We don't even have any way to override it in the configuration. We do not need to limit ourselves to the original XML encryption spec. Keycloak uses Apache Santuario which supports also GCM (and other) algorithms since Santuario 1.5.0 (we're on 2.2.3) via BouncyCastle. We do not use those at this moment, but technically it should be relatively straightforward...

Given that there is a linked discussion further down that appears to be closed, it would appear the Keycloak has no imminent intention to support GCM over CBC.

If you are looking for a quick way to test your SP with an Identity Provider that supports GCM, I would look to something like SimpleSAMLphp which is very easy to deploy and supports GCM.