diff --git a/docs/simplesamlphp-artifact-sp.txt b/docs/simplesamlphp-artifact-sp.txt
new file mode 100644
index 0000000000000000000000000000000000000000..c71b62acd19b66ea0974dcab1044dcb90c9b65c6
--- /dev/null
+++ b/docs/simplesamlphp-artifact-sp.txt
@@ -0,0 +1,29 @@
+Using HTTP-Artifact from a simpleSAMLphp SP
+===========================================
+
+This document describes how to use the HTTP-Artifact binding to receive authentication responses from the IdP.
+
+Which binding the IdP should use when sending authentication responses is controlled by the `ProtocolBinding` in the SP configuration.
+To make your Service Provider (SP) request that the response from the IdP is sent using the HTTP-Artifact binding, this option must be set to the HTTP-Artifact binding.
+
+In addition to selecting the binding, you must also add a private key and certificate to your SP.
+This is used for SSL client authentication when contacting the IdP.
+
+To generate a private key and certificate, you may use the `openssl` commandline utility:
+
+    openssl req -new -x509 -days 3652 -nodes -out sp.example.org.crt -keyout sp.example.org.pem
+
+You can then add the private key and certificate to the SP configuration.
+When this is done, you can add the metadata of your SP to the IdP, and test the authentication.
+
+Example configuration
+---------------------
+
+    'artifact-sp' => array(
+        'saml:SP',
+        'ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
+        'privatekey' => 'sp.example.org.pem',
+        'certificate' => 'sp.example.org.crt',
+    ),
+
+See the [SP configuration reference](./saml:sp) for a description of the options.
diff --git a/docs/simplesamlphp-reference-sp-hosted.txt b/docs/simplesamlphp-reference-sp-hosted.txt
index c234baa6cbb5fc4f519b2d2cc3dd6e5dcedbdda4..10822615cb65d9263c29aa724264d2c3c1f858a9 100644
--- a/docs/simplesamlphp-reference-sp-hosted.txt
+++ b/docs/simplesamlphp-reference-sp-hosted.txt
@@ -136,9 +136,21 @@ The following SAML 2.0 SP options are available:
 `privatekey_pass`
 :   The passphrase for the private key, if it is encrypted. If the private key is unencrypted, this can be left out.
 
+`ProtocolBinding`
+:   The binding that should be used for SAML2 authentication responses.
+    This option controls the binding that is requested through the AuthnRequest message to the IdP.
+    By default the HTTP-Redirect binding is used.
+
 `RelayState`
 :   The page the user should be redirected to after an IdP initiated SSO.
 
+`saml.SOAPClient.certificate`
+:   A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP.
+    If this option isn't specified, the SP private key and certificate will be used.
+
+`saml.SOAPClient.privatekey_pass`
+:   The passphrase of the privatekey in `saml.SOAPClient.certificate`.
+
 `SingleLogoutService`
 :   Override the default URL for the SingleLogoutService for this SP. This is an absolute URL. The default value is `<simpleSAMLphp-root>/saml2/sp/SingleLogoutService.php`.
 
diff --git a/modules/saml/docs/sp.txt b/modules/saml/docs/sp.txt
index 2d44c0fcc18a4147458b391aaa8782c6f2afe7a0..0ae5b8db22dd01d3e7d40df5ab577b0b2bd4957e 100644
--- a/modules/saml/docs/sp.txt
+++ b/modules/saml/docs/sp.txt
@@ -230,6 +230,20 @@ Options
 
 :   *Note*: SAML 2 specific.
 
+`ProtocolBinding`
+:   The binding that should be used for SAML2 authentication responses.
+    This option controls the binding that is requested through the AuthnRequest message to the IdP.
+    By default the HTTP-Redirect binding is used.
+
+:   *Note*: SAML 2 specific.
+
+`saml.SOAPClient.certificate`
+:   A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP.
+    If this option isn't specified, the SP private key and certificate will be used.
+
+`saml.SOAPClient.privatekey_pass`
+:   The passphrase of the privatekey in `saml.SOAPClient.certificate`.
+
 `saml1.useartifact`
 :   Request that the IdP returns the result to the artifact binding.
     The default is to use the POST binding, set this option to TRUE to use the artifact binding instead.