I fought today to get this working with AWS and finally managed it, i will leave here the steps i did as it might help others:
In the client:
settings -> Name ID Format -> Persistente
Settings -> Include AuthnStatement -> ensure is enabled
Roles -> arn:aws:iam::<account_id>:role/readonlySaml,arn:aws:iam::<account_id>:saml-provider/<iam_saml_name>
Notice the comma in bettween, should be role arn + saml-provider arn
Scope -> Full Scope Allowed -> disabled
The remaining steps are the ones in the guide.