SAML: HTTP-Artifact mode should be discouraged
Our current SP metadata
<AssertionConsumerService isDefault="true" index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://auth.lemontest.lxd/saml/proxySingleSignOnArtifact"/> <AssertionConsumerService isDefault="false" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://auth.lemontest.lxd/saml/proxySingleSignOnPost"/>
means that if we connect LLNG to a SAML IDP that supports Artifact, the IDP will probably chose HTTP-Artifact instead of HTTP-POST.
Artifact is rarely used in the wild, POST is prefered because it does not require to open a firewall between SP and IDP (and is much simpler to debug)
We should make HTTP-POST the default