SAML: HTTP-Artifact mode should be discouraged
Summary
Our current SP metadata
<AssertionConsumerService
isDefault="true"
index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://auth.lemontest.lxd/saml/proxySingleSignOnArtifact"/>
<AssertionConsumerService
isDefault="false"
index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.lemontest.lxd/saml/proxySingleSignOnPost"/>
means that if we connect LLNG to a SAML IDP that supports Artifact, the IDP will probably chose HTTP-Artifact instead of HTTP-POST.
Artifact is rarely used in the wild, POST is prefered because it does not require to open a firewall between SP and IDP (and is much simpler to debug)
Design proposition
We should make HTTP-POST the default