Presumably you're using auth_saml (not auth_saml2)?
It looks to me like the IdP is signing with a different certificate to the one you've specified in saml20-idp-remote.php.
certFingerprint should be the fingerprint of the certificate the IdP uses for signing and it looks like you're getting an exception because the certificate the IdP has used has a different fingerprint. If this is the case, either the IdP is using the wrong certificate or the wrong fingerprint value is being used in saml20-idp-remote.php.
Where did the fingerprint value come from, did the federation supply it?
All things being equal I'd say that 890193161b16fe653bcc54893d9dcff7479db802 is the correct fingerprint if that's what the IdP is using but you should verify this.