I am trying to configure my application (SP) to work with remote IDP. The IDP provided me with a certificate to configure with SP. For SAML request, do I use SP's public key or IDP's? Also, where can I find good resources to study SAML in detail (apart from the oasis formal documents). The tutorials that I find are very simplistic (i.e. they just describe that SP goes to IDP and then it is redirected back but do not go into detail on SAML messages). The oasis documents are confusing. Thanks for any answers
Signing is done using private keys - not public keys.
So, if the SAML request needs to be signed, SP must use its private key for it. Also, a certificate containing SP's public key should be given to the IdP to validate the signature.
The reason for IdP providing you its certificate is for SP to validate the signed SAML responses sent by the IdP.