According to the SAML specifications, the trusted partner site must ensure a single-use policy for SSO assertions that are communicated
using the Web Browser POST Profile. SAMLPOSTProfileServlet
maintains a store of SSO assertion identifiers and the time
that they expire. When an assertion is received, the servlet first checks
for an entry in the map. If an entry exists, the servlet returns an error.
If an entry does not exist, the assertion identifier and expiration time are
saved to the map. POSTCleanUpThread removes expired
assertion identifiers periodically.