Certificate validation for SAML

As the SP (my web application) that receives the SAML response from the IdP (Okta), how do I validate the certificate? I could not find any documentation that describes how to set up the certificate validation. Do I need to download it from Okta and configure it to be used in the metadata?

I would assume this is a very common requirement, assuming that in my Python SAML client I specify "want_response_signed": True.

My understanding is that the certificate (public key) used to sign the response is also included in the SAML response, and that it is used to make sure the response has not been compromised by others, but I also need to make sure the response is really coming from Okta.

Download the Okta public key from the IdP metadata link on the Sign On tab of the Okta application.
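The trust decision discussed above, as an added example that is not part of the original posts and is not Okta's or any SAML library's code: the SP pins the signing certificate taken from the downloaded IdP metadata and accepts a certificate embedded in a response only if it matches that pin. The function names, the metadata layout and the sample certificates are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed placeholder bytes standing in for DER certificates (not real ones).
IDP_CERT = b"constructed-idp-signing-certificate"
OTHER_CERT = b"constructed-certificate-from-someone-else"

def b64(data):
    return base64.b64encode(data).decode()

# Constructed stand-in for the metadata file downloaded from the IdP.
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="placeholder-idp">
 <md:IDPSSODescriptor protocolSupportEnumeration="{NS['samlp']}">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{b64(IDP_CERT)}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def sample_response(cert):
    """Constructed, minimal response carrying only the embedded certificate."""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:ds="{NS["ds"]}">'
            f"<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{b64(cert)}"
            "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>")

def fingerprint(b64_text):
    der = base64.b64decode("".join(b64_text.split()))
    return hashlib.sha256(der).hexdigest()

def pinned_fingerprints(metadata_xml):
    """SHA-256 fingerprints of the signing certificates listed in the IdP metadata."""
    pinned = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # no 'use' means signing and encryption
            for cert in kd.findall(".//ds:X509Certificate", NS):
                pinned.add(fingerprint(cert.text))
    return pinned

def embedded_cert_is_pinned(response_xml, pinned):
    """True only if the response embeds certificates and all of them are pinned."""
    certs = ET.fromstring(response_xml).findall(".//ds:Signature//ds:X509Certificate", NS)
    return bool(certs) and all(fingerprint(c.text) in pinned for c in certs)
```

This check only decides which key is trusted; the XML signature itself still has to be verified with the pinned certificate by the SAML library. A hardened XML parser such as defusedxml is the safer choice for parsing responses that arrive from the network.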