Currently, we have flags like Force POST Binding or Force ARTIFACT Binding. This approach is not flexible, hard to understand and doesn't provide a way to configure some functionality that is needed in some scenarios.

For example should we support a Force POST Binding when ARTIFACT binding is requested in a SP SAML request ?
For example, a customer requirement might be to add one more condition to allow Force POST binding even if SP sends a parameter in SAML Request ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"

We need to introduce some more fine-grained settings for this (like to introduce a new flag in the client configuration), for example:

• never use Artifact binding for this client,
• always use Artifact binding but never send the Artifact using POST binding,
• use whatever binding except for REDIRECT, etc.