Thanks for pointing me to the documentation page, which I checked. I did not find all the answers to my questions there, but with the help of this post I was able to resolve my issues. Mainly it helped to create an SP certificate and key file for SAML only and not use my webserver’s SSL cert and key files. Also, setting up the logs like it’s described in the post above helps to get meaningful logs with authentication errors.