Solved!
Things I had to do:
Breakthrough:
When creating the client, the Client ID must match the Issuer value sent in the AuthNRequest, because Keycloak pulls the issuer from the SAML AuthN request and matches it to a client by this value.
The next thing that needs to be done is to set the IDP-Initiated SSO URL name. Leaving this blank will disable the IDP-initiated flow. The target URL that you need to reference from your browser will be in the following format:
The target Identity Provider (IdP)-initiated SSO URL is the Assertion Consumer Service (ACS) endpoint of your application. This is the endpoint where the service you're integrating with, acting as the IdP, sends the SAML assertion after authenticating the user. This URL must be registered with the service you're integrating with as part of the SAML integration, ensuring that SAML assertions are securely and correctly routed to your application.
Next, under the Advanced tab, we need to set the Assertion Consumer Service POST Binding URL. This should be the URL to your backend application that just does the redirect to your frontend application. In my case, I configured this endpoint on the Ingress in a way that it does a Permanent Redirect (301) to my frontend application (whenever it matches the https://myapp.com/saml-continue URL). However, it is also possible to just open a simple endpoint in your backend server which will do the redirect to the frontend.
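An added example, not part of the original answer: a small Python check that decodes a captured `SAMLRequest` parameter, extracts its `Issuer`, and compares it to the Client ID configured in Keycloak, which is the match described above. The issuer value `https://myapp.com/saml/metadata`, the function names, and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def decode_saml_request(value: str, redirect_binding: bool) -> bytes:
    """Decode an already URL-decoded SAMLRequest value to AuthnRequest XML."""
    raw = base64.b64decode(value)
    if redirect_binding:
        raw = zlib.decompress(raw, -15)  # Redirect binding uses raw DEFLATE
    return raw


def issuer_of(authn_request_xml: bytes) -> str:
    """Extract the <saml:Issuer> text from an AuthnRequest."""
    # Refuse DTDs so entity-expansion payloads are never handed to the parser.
    if b"<!DOCTYPE" in authn_request_xml or b"<!ENTITY" in authn_request_xml:
        raise ValueError("DTD not allowed in SAML message")
    root = ET.fromstring(authn_request_xml)
    issuer = root.find(f"{{{SAML_ASSERTION_NS}}}Issuer")
    if issuer is None or not issuer.text:
        raise ValueError("AuthnRequest has no Issuer")
    return issuer.text


def matches_client_id(saml_request: str, client_id: str, redirect_binding: bool = True) -> bool:
    """True when the request's Issuer equals the Keycloak Client ID exactly."""
    return issuer_of(decode_saml_request(saml_request, redirect_binding)) == client_id


def build_sample(issuer: str) -> str:
    """Constructed sample: a minimal Redirect-binding SAMLRequest value."""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
        'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
        f"<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>"
    ).encode()
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml) + comp.flush()).decode()


if __name__ == "__main__":
    sample = build_sample("https://myapp.com/saml/metadata")
    print(matches_client_id(sample, "https://myapp.com/saml/metadata"))
    print(matches_client_id(sample, "myapp"))
```

For a request sent with the POST binding, pass `redirect_binding=False`, since that binding carries plain base64 without DEFLATE.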