Fortigate SSL VPN via Google SAML
Hi everyone.
I am trying to set up Forticlient VPN users to be able to authenticate and get VPN access using their Google accounts. We have a Fortigate FGT60E with FortiOS 7.4.9 running.
Right now we have an SSL-VPN set up and working fine, but with separate account credentials + FortiTokens.
I have tried following different guides I found online and trying to use my own logic, but I am stuck; based on the logs, the FortiGate does not really understand how to map a user to a group.
I had created a custom SAML app with: ACS: https://MyFQDN:10443/remote/saml/login/
Entity ID: http://MyFQDN:10443/remote/saml/metadata/
Start URL: https://MyFQDN:10443/remote/login
Signed response checked
Certificate valid until 2031.
Basic information > Primary email Attribute mapping : Primary email -> username
On the Fortigate side, under User & Authentication > SSO, I created Google_SAML with this config:
Entity ID: http://MyFQDN:10443/remote/saml/metadata/
Assertion consumer service URL: https://MyFQDN:10443/remote/saml/login/
Single logout service URL: https://MyFQDN:10443/remote/saml/logout/
Identity Provider configuration:
Entity ID: https://accounts.google.com/o/saml2?idpid=xxxx
Assertion consumer service URL: https://accounts.google.com/o/saml2/idp?idpid=xxxx
Single logout service URL: https://accounts.google.com/o/saml2/idp?idpid=xxxx
Certificate is selected the one from google that I uploaded as Remote Cert.
Attribute used to identify users: username
Note: MyFQDN:10443 is reachable, but when I click Single Sign-On I get redirected to Google, and when I try to connect with my account I get "Forbidden - you don't have permission to access /remote/saml/login/(null) on this server."
Fortigate logs show : Failed to process response message. ret=101 (Signature element not found)
sslvpn_login_unknown_user
IDP sig verify is required for response and assertions.
Any help is welcome. Thank you in advance.
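A diagnostic that helps with a "Signature element not found" / unknown-user failure like the one above is to look at the actual SAMLResponse the IdP posts to the ACS (captured with a browser extension such as SAML-tracer, or from the form POST to /remote/saml/login/) before changing anything on the firewall. The script below is an added example, not code from the original post or from Fortinet or Google; it decodes the base64 SAMLResponse, reports whether a ds:Signature element is present on the Response and on each Assertion, whether the Issuer matches the IdP entity ID configured on the SP, and whether the attribute the SP uses to identify users is present. It only checks for the presence of a signature, it does not cryptographically verify it. The two embedded responses are constructed samples (the host vpn.example.com, the idpid value EXAMPLE and the user alice@example.com are placeholders), not captures from a real tenant.

```python
"""Inspect a SAMLResponse and report what the SP will see.

Checks only the presence of ds:Signature elements, the Issuer value and the
attributes carried; it does not verify any signature against a certificate.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def inspect_saml_response(b64_response, expected_issuer=None, user_attribute="username"):
    """Decode a base64 SAMLResponse and return a dict of findings and problems."""
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: %s" % root.tag)

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    result = {
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "status": status.get("Value") if status is not None else None,
        "response_signed": root.find("ds:Signature", NS) is not None,
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
        "assertions": [],
        "problems": [],
    }
    for assertion in root.findall("saml:Assertion", NS):
        attrs = {}
        for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
            attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        result["assertions"].append({
            "signed": assertion.find("ds:Signature", NS) is not None,
            "name_id": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "attributes": attrs,
        })

    # Each check corresponds to a symptom an SP typically logs on failure.
    if not result["response_signed"] and not any(a["signed"] for a in result["assertions"]):
        result["problems"].append("no ds:Signature on the Response or on any Assertion")
    if expected_issuer and result["issuer"] != expected_issuer:
        result["problems"].append("Issuer %r does not match configured IdP entity ID %r"
                                  % (result["issuer"], expected_issuer))
    if not result["assertions"] and result["encrypted_assertions"]:
        result["problems"].append("only EncryptedAssertion present; SP needs the decryption key")
    if not any(user_attribute in a["attributes"] for a in result["assertions"]):
        result["problems"].append("attribute %r missing; SP cannot identify the user" % user_attribute)
    return result


def to_b64(xml_text):
    """Encode XML the way it appears in the SAMLResponse form field."""
    return base64.b64encode(xml_text.encode()).decode()


# Constructed sample: an unsigned Response with one unsigned Assertion (placeholders only).
UNSIGNED_SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
  IssueInstant="2024-01-01T00:00:00Z"
  Destination="https://vpn.example.com:10443/remote/saml/login/">
  <saml:Issuer>https://accounts.google.com/o/saml2?idpid=EXAMPLE</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://accounts.google.com/o/saml2?idpid=EXAMPLE</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="username">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Same sample with a placeholder ds:Signature inside the Assertion (presence only, not a valid signature).
SIGNED_SAMPLE = UNSIGNED_SAMPLE.replace(
    "<saml:Subject>",
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    "<ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature><saml:Subject>",
)

if __name__ == "__main__":
    idp = "https://accounts.google.com/o/saml2?idpid=EXAMPLE"
    for label, sample in (("unsigned", UNSIGNED_SAMPLE), ("signed", SIGNED_SAMPLE)):
        r = inspect_saml_response(to_b64(sample), expected_issuer=idp)
        print(label, "->", r["problems"] or "no problems found")
```

Run it against a real capture by passing the SAMLResponse form value to `inspect_saml_response`, with `expected_issuer` set to the IdP entity ID configured on the SP (the `https://accounts.google.com/o/saml2?idpid=...` string) and `user_attribute` set to the attribute the SP is told to use. If the Response and Assertion both come back unsigned, the problem is on the IdP side of the configuration; if they are signed but the SP still rejects them, the next thing to compare is the certificate uploaded on the SP against the one the IdP is signing with.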
