Tags: xml, saml, saml-2.0, simplesamlphp

SAML Response: <ds:KeyInfo>


In my SAML response I have the <KeyInfo> tag with a Certificate. I haven't found any explanation of the fields.

Is this key the public key of the IdP (I'm the SP) that should match with the key provided in the metadata from the IdP?

<KeyInfo>
  <X509Data>
    <X509Certificate>MII...</X509Certificate>
  </X509Data>
</KeyInfo>

Solution

  • If the KeyInfo element is in connection with the XML signature of the response, the certificate in X509Certificate is the certificate used in signing the response message.

    You now have to establish that this key can be trusted. This could for example be that it is the same key provided in the metadata. I would say this is the common case.
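An added example of the trust check the answer describes, written for this page and not code from the question, the answer or SimpleSAMLphp: it pulls the certificate out of the Response's ds:KeyInfo and accepts it only if its fingerprint matches a signing KeyDescriptor in the IdP metadata the SP already holds. The XML documents and the "certificate" bytes are constructed placeholders, and the XML-DSig verification itself (with an xmlsec-based library, against the metadata key) is assumed to happen after this check.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Constructed placeholder "certificates": arbitrary bytes, not real DER.
IDP_CERT_B64 = base64.b64encode(b"constructed IdP signing certificate").decode()
ROGUE_CERT_B64 = base64.b64encode(b"constructed untrusted certificate").decode()

# Constructed IdP metadata, as the SP would hold it after fetching it out of band.
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}">
  <md:IDPSSODescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {IDP_CERT_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def make_response(cert_b64):
    """Constructed SAML Response whose ds:Signature embeds the given certificate."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:ds="{NS['ds']}">
  <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
</samlp:Response>"""

def cert_fingerprint(b64_text):
    """SHA-256 of the DER bytes; whitespace inside the base64 text is insignificant."""
    der = base64.b64decode("".join(b64_text.split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def trusted_signing_fingerprints(metadata_xml):
    """Fingerprints of every metadata KeyDescriptor usable for signing (no 'use' = both)."""
    root = ET.fromstring(metadata_xml)
    return {cert_fingerprint(c.text)
            for kd in root.iterfind(".//md:KeyDescriptor", NS)
            if kd.get("use") in (None, "signing")
            for c in kd.iterfind(".//ds:X509Certificate", NS)}

def keyinfo_matches_metadata(response_xml, metadata_xml):
    """True only if the certificate embedded in the Response is one the SP already trusts."""
    cert = ET.fromstring(response_xml).find("./ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is None or not cert.text:
        return False
    return cert_fingerprint(cert.text) in trusted_signing_fingerprints(metadata_xml)
```

The point of gating on this result is that the embedded KeyInfo is supplied by whoever built the message; a signature checked against a key that the message itself carries proves nothing unless that key is first matched to the IdP's published metadata.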