In Switzerland, as I understand is the case in many other countries, we have legal requirements pertaining to SAML and Artifact Binding when integrating Public Systems.

Currently, when Keycloak functions as an Identity Provider (IdP), it supports the handling of Artifact Binding.
However, this support is not extended when Keycloak operates as a Service Provider (SP).

Consequently, we have initiated the implementation of Artifact Binding handling for scenarios where Keycloak is acting as a Service Provider.
This development began on the 23.0 branch of our fork.
We have successfully managed to facilitate its operation between two Keycloak instances.
We also have attempted integration with WSO2 as an Identity Provider.
However, this integration has encountered an exception when parsing the SOAP request.

Despite these advancements, several concerns remain:

Issues with Signature Verification:

• We are currently unable to implement signature verification successfully. This issue persists even with POST-BINDING, where signature verification also fails.
• Given our limited expertise in SAML, it is possible that the configuration of the Keycloak instances might be incorrect.

Uncertainty Around Testing:

• We are uncertain about the appropriate location for writing tests for this implementation, as well as the types of tests that are expected.

Lastly, we have a couple of open questions:

• Is SAML artifact binding already a part of Keycloak's development roadmap?
• Would it be acceptable to contribute to this area of development through a pull request (PR)?