I assume I should rely on the IDP's certificate supplied in metadata and not the one in the response itself (although they should be the same).
Is there some way to do this with openssl or xmlsec1 commands?
From the wording of your question, I think you may wish to read up on the concept of digital signatures.
Their SSO profile was vulnerable to a Man-in-the-middle attack from a malicious SP (Service Provider).
Since exchange of a static symmetric key is problematic -- if it's intercepted, the interceptor can both encrypt and decrypt any messages -- what can be done instead is to use a dynamic symmetric key that gets generated anew for each message, encrypt the message using the key, then encrypt that key with the public key of a private/public encryption key pair and send it along with the message.
The encrypted symmetric key can only be decrypted using the private half of the key pair used to encrypt it.
I'm in the process of making changes to my site so that we can be a SAML 2.0 Service Provider.
We will be doing IdP-initiated SAML with Out-of-Band account federation.