This is the way i have solved the verification of signatures with OpenSAML
https://blog.samlsecurity.com/2012/11/verifying-signatures-with-opensaml.html
I have also written a book, A Guide to OpenSAML, where I explain in detail encryption and signing and more using OpenSAML.
What is important with the OpenSAML verification methods is that they only verify the cryptographic validity of the signature (That the content has not been changed). It does not however verify that the sender is someone that you trust.
The Signature validator is instantiated with the public key of the sender to validate against, the public key of the sender. This is normally exchanged is the setup of an identity federation using SAML Metadata