Most examples use allow_unsolicited to ignore this so it is a bit hard to find good sources.

Many of those examples also reference to a "built-in cache for authn request ids in pysaml2", but I can't find any usage of that anywhere.

I have tried to do this myself by just saving the ids I send to a dictionary and then give them as a parameter to parse_authn_request_response.

My question is this. How should this really be done? Is there a built in cache or what is the recommended way of verifying the in_response_to ids?

Thank you