According to the SAML specifications, the trusted partner site must ensure a single-use policy for SSO assertions that
are communicated using the Web Browser POST Profile. SAMLPOSTProfileServlet maintains a
store of SSO assertion identifiers and the time that they expire.
When an assertion is received, the servlet first checks for an entry
in the map. If an entry exists, the servlet returns an error. If an
entry does not exist, the assertion identifier and expiration time
are saved to the map. POSTCleanUpThread removes
expired assertion identifiers periodically.
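
The single-use check and periodic cleanup described above, sketched in Java as an added example; this is not the product's own code. The class and method names are hypothetical, the sample values are constructed, and the expiry time is assumed to come from the assertion's validity conditions.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; class and method names are hypothetical, not the product's API.
public class AssertionReplayCache {
    // assertion identifier -> expiry time in epoch milliseconds (assumed to be
    // taken from the assertion's validity conditions)
    private final Map<String, Long> seen = new ConcurrentHashMap<>();

    /** Returns true only the first time an unexpired assertion identifier is presented. */
    public boolean acceptOnce(String assertionId, long expiresAtMillis, long nowMillis) {
        if (assertionId == null || assertionId.isEmpty()) {
            return false; // nothing to key the single-use check on
        }
        if (expiresAtMillis <= nowMillis) {
            return false; // already expired: cleanup would forget it, so never accept it
        }
        // putIfAbsent makes "check for an entry" and "save the entry" one atomic step,
        // so two concurrent POSTs of the same assertion cannot both pass the check.
        return seen.putIfAbsent(assertionId, expiresAtMillis) == null;
    }

    /** What a periodic cleanup thread would call: drop only entries past their expiry. */
    public int purgeExpired(long nowMillis) {
        int before = seen.size();
        seen.values().removeIf(expiry -> expiry <= nowMillis);
        return before - seen.size();
    }

    public static void main(String[] args) {
        AssertionReplayCache cache = new AssertionReplayCache();
        long now = 1_000_000L;                      // constructed clock value
        long expiry = now + 300_000L;               // constructed five-minute validity window
        String id = "_constructed-assertion-id-1";  // constructed sample identifier

        System.out.println("first use:            " + cache.acceptOnce(id, expiry, now));
        System.out.println("replay:               " + cache.acceptOnce(id, expiry, now + 1_000L));
        System.out.println("purged before expiry: " + cache.purgeExpired(now + 60_000L));
        System.out.println("replay after cleanup: " + cache.acceptOnce(id, expiry, now + 61_000L));
        System.out.println("purged at expiry:     " + cache.purgeExpired(expiry));
        System.out.println("use after expiry:     " + cache.acceptOnce(id, expiry, expiry));
    }
}
```

Entries are kept until the assertion itself expires, so a cleanup pass never reopens a replay window for an assertion that is still valid.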