diff --git a/mandaye/auth/saml2.py b/mandaye/auth/saml2.py index 2f0880c..4e7f436 100644 --- a/mandaye/auth/saml2.py +++ b/mandaye/auth/saml2.py @@ -24,9 +24,10 @@ virtual host : Optional options : * saml2_sp_logout_url: the url to logout the service provider (deprecated: use sp_logout_url instead) - * saml2_authnresp_binding: only post is supported for now + * saml2_authnresp_binding (default: post): artifact, post, redirect or soap * saml2_authnreq_http_method: only http_redirect at the moment - * saml2_name_identifier_format: only persistent at the moment + * saml2_name_identifier_format (default: persistant): email, transient, persistent, unspecified (username like gapps), + encrypted, entity, windows, kerberos or x509 * saml2_metadata_url: saml end point of the metadata * saml2_single_sign_on_post_url: saml end point of single sign on post * saml2_single_logout_url: saml end point of logout @@ -41,6 +42,26 @@ END_POINTS_PATH = { 'single_logout_return': '/mandaye/singleLogoutReturn', } +NAME_IDENTIFIERS_FORMAT = { + 'email': lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL, + 'transient': lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT, + 'persistent': lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT, + 'unspecified': lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED, + 'username': lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED, + 'encrypted': lasso.SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED, + 'entity': lasso.SAML2_NAME_IDENTIFIER_FORMAT_ENTITY, + 'windows': lasso.SAML2_NAME_IDENTIFIER_FORMAT_WINDOWS, + 'kerberos': lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS, + 'x509': lasso.SAML2_NAME_IDENTIFIER_FORMAT_X509, +} + +METADATA_BINDING = { + 'artifact': lasso.SAML2_METADATA_BINDING_ARTIFACT, + 'post': lasso.SAML2_METADATA_BINDING_POST, + 'redirect': lasso.SAML2_METADATA_BINDING_REDIRECT, + 'soap': lasso.SAML2_METADATA_BINDING_SOAP +} + class SAML2Auth(AuthForm): """ SAML 2 authentification """ 
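Review bot: The rewritten `saml2_name_identifier_format` docstring line states `(default: persistant)`, but the value the code falls back to is spelled `persistent`, and `persistant` is not a key of the new NAME_IDENTIFIERS_FORMAT table, so an operator copying the documented default would be rejected by the new validation. Change it to `* saml2_name_identifier_format (default: persistent): email, transient, persistent, ...`. It would also help to state plainly that `username` is accepted as an alias of `unspecified` rather than leaving it as a parenthetical.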
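Review bot: The `'username'` entry in NAME_IDENTIFIERS_FORMAT maps to the same lasso constant as `'unspecified'` with nothing explaining why, so a reader will take it for a distinct SAML format; add `# 'username' is an alias of 'unspecified' (Google Apps style identifiers)` above that entry. METADATA_BINDING now lets saml2_authnresp_binding select artifact, redirect and soap, but nothing in this commit shows the assertion-consumer side of the module handling bindings other than POST; if only the POST path exists elsewhere in the file, the validation will accept configurations that cannot complete a login, so confirm that before dropping the old "only post is supported" caveat. Minor: the METADATA_BINDING literal lacks the trailing comma the sibling table uses.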
@@ -75,13 +96,22 @@ class SAML2Auth(AuthForm): private_key = self._get_file_content( self.env['mandaye.config']['saml2_signature_private_key'] ) + authnresp_binding = self.env['mandaye.config'].get('saml2_authnresp_binding', 'post') + name_identifier_format = self.env['mandaye.config'].get('saml2_name_identifier_format', 'persistent') + if authnresp_binding not in METADATA_BINDING.keys(): + err = "saml2_authnresp_binding: '%s' invalid value (must be artifact, post, redirect or soap)" + raise ImproperlyConfigured, err + if name_identifier_format not in NAME_IDENTIFIERS_FORMAT.keys(): + err = "saml2_authnresp_binding: '%s' invalid value (must be email, transient, persistent,".\ + " unspecified (username like gapps), encrypted, entity, windows, kerberos or x509)" + raise ImproperlyConfigured, err self.config = { 'saml2_idp_metadata': self.env['mandaye.config']['saml2_idp_metadata'], 'saml2_signature_public_key': public_key, 'saml2_signature_private_key': private_key, - 'saml2_authnresp_binding': lasso.SAML2_METADATA_BINDING_POST, + 'saml2_authnresp_binding': METADATA_BINDING[authnresp_binding], 'saml2_authnreq_http_method': lasso.HTTP_METHOD_REDIRECT, - 'saml2_name_identifier_format': lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT + 'saml2_name_identifier_format': NAME_IDENTIFIERS_FORMAT[name_identifier_format] } self.metadata_map = (
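Review bot: Neither error message in the new validation is ever formatted, so the literal `'%s'` reaches the operator instead of the rejected value, and the second message names the wrong option (`saml2_authnresp_binding` where it should say `saml2_name_identifier_format`); that second literal is also joined with `".\` followed by another string literal, which as shown reads as a syntax error rather than implicit concatenation. Both branches should substitute the offending value and name their own option, and membership can test the dict directly instead of `.keys()`. The enclosing method (the one that builds `self.config`) starts before the hunk.
```python
        authnresp_binding = self.env['mandaye.config'].get('saml2_authnresp_binding', 'post')
        name_identifier_format = self.env['mandaye.config'].get('saml2_name_identifier_format', 'persistent')
        if authnresp_binding not in METADATA_BINDING:
            err = "saml2_authnresp_binding: '%s' invalid value (must be artifact, post, redirect or soap)"
            raise ImproperlyConfigured(err % authnresp_binding)
        if name_identifier_format not in NAME_IDENTIFIERS_FORMAT:
            err = ("saml2_name_identifier_format: '%s' invalid value (must be email, transient, persistent, "
                   "unspecified (username like gapps), encrypted, entity, windows, kerberos or x509)")
            raise ImproperlyConfigured(err % name_identifier_format)
        # … unchanged: self.config assignment and self.metadata_map …
```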