As described in Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0 (https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf), chapter 4.1.4.5, a service provider MUST prevent replay attacks by keeping a cache for a processed assertion during the time that an assertion is not expired.
I know that OpenSAML supports preventing replay attacks by offering a security policy and cache implementation against replays, but I cannot find the usage of those implementations anywhere in Spring SAML. I expect WebSSOProfileConsumer to provide such functionality. Can anyone point me in the right direction on where (if at all) this behavior can be found?
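
The replay check that the quoted requirement describes, as an added example that is not part of the original post and is not OpenSAML or Spring SAML code. `AssertionReplayCache` and `checkAndStore` are hypothetical names, and the caller is assumed to pass the issuer, assertion ID and expiry instant taken from an assertion whose signature and conditions were already validated.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/** Hypothetical helper for illustration; not an OpenSAML or Spring SAML class. */
public final class AssertionReplayCache {
    // Key: issuer plus assertion ID. Value: instant after which the entry may be forgotten.
    private final ConcurrentMap<String, Instant> seen = new ConcurrentHashMap<>();
    private final Clock clock;
    private final Duration skew; // tolerated clock difference between IdP and SP

    public AssertionReplayCache(Clock clock, Duration skew) {
        this.clock = clock;
        this.skew = skew;
    }

    /**
     * Returns true and remembers the assertion on first use. Returns false when the
     * assertion has expired or the same issuer/ID pair was already accepted.
     */
    public boolean checkAndStore(String issuer, String assertionId, Instant notOnOrAfter) {
        Instant now = clock.instant();
        Instant forgetAt = notOnOrAfter.plus(skew);
        if (!now.isBefore(forgetAt)) {
            return false; // expired: reject rather than cache
        }
        // Entries only need to live while the assertion could still be accepted.
        seen.values().removeIf(expiry -> !now.isBefore(expiry));
        // The length prefix keeps (issuer, id) pairs from colliding after concatenation.
        String key = issuer.length() + ":" + issuer + assertionId;
        // putIfAbsent is atomic, so two concurrent posts of one assertion cannot both pass.
        return seen.putIfAbsent(key, forgetAt) == null;
    }

    public static void main(String[] args) {
        AssertionReplayCache cache =
                new AssertionReplayCache(Clock.systemUTC(), Duration.ofSeconds(60));
        // Constructed sample values, not taken from a real IdP.
        String issuer = "https://idp.example.org";
        Instant expiry = Instant.now().plus(Duration.ofMinutes(5));
        System.out.println("first use accepted:  " + cache.checkAndStore(issuer, "_a1b2c3", expiry));
        System.out.println("replay accepted:     " + cache.checkAndStore(issuer, "_a1b2c3", expiry));
        System.out.println("expired accepted:    " + cache.checkAndStore(issuer, "_d4e5f6",
                Instant.now().minus(Duration.ofMinutes(10))));
    }
}
```

An in-memory map like this only protects a single node; a clustered service provider needs the same check against storage shared by all nodes.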