We are currently using Shibboleth, and would love to get away from using java/Tomcat. It looks like Keycloak also uses java. Is there an alternative to this that doesn't require it?
Maybe https://github.com/zitadel/zitadel could be an alternative to you.
Its written in Go, can be self-hosted or used from a cloud service.
It will also soon (end of May) provide SAML 2.0 support besides the current OpenID Connect and OAuth support.
Disclaimer: I am one of the authors ;-)