
Ability to store `authn_request.uuid` for InResponseTo comparison

Open Jamedjo opened this issue 6 years ago • 0 comments

I'd like to verify that certain requests were initiated from the service provider, rather than being unsolicited ones from the IdP. I'd like to do this by storing `authn_request.uuid` from `#request_phase` and then later comparing this to `InResponseTo`. This might involve `matches_request_id`, or might bypass that to sometimes allow unsolicited IdP-initiated requests.

The SAML protocols spec section on 4.1.4 Use of Authentication Request Protocol includes the following:

> **4.1.4.3 `<Response>` Message Processing Rules**
>
> Regardless of the SAML binding used, the service provider MUST do the following:
>
> - ...
> - Verify that the `InResponseTo` attribute in the bearer `<SubjectConfirmationData>` equals the ID of its original `<AuthnRequest>` message, unless the response is unsolicited (see Section 4.1.5), in which case the attribute MUST NOT be present

Unfortunately I don't have any way to access `authn_request.uuid` during the request phase to make this work.

Jamedjo, Nov 08 '18 16:11
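The check the issue asks for, written out as an added example that is not omniauth-saml's own code: the request phase records the ID of each AuthnRequest it issues in a session-like Hash, and the callback phase applies the SAML Core 4.1.4.3 rule to the bearer `<SubjectConfirmationData>` of the incoming Response. The module name `InResponseToCheck`, the `issue_request_id`/`validate!` methods, the `:saml_request_ids` session key and the sample Response XML are all assumptions made for this example; only the spec rule and the XML element names come from the page.

```ruby
require 'securerandom'
require 'rexml/document'

# Added example (hypothetical names, not omniauth-saml's API): minimal
# implementation of the SAML Core 4.1.4.3 InResponseTo rule. The SP records
# the ID of every AuthnRequest it sends; a Response is accepted only if its
# bearer SubjectConfirmationData carries one of those IDs, or if the attribute
# is absent and unsolicited (IdP-initiated) responses were explicitly allowed.
module InResponseToCheck
  SAML_NS  = 'urn:oasis:names:tc:SAML:2.0:assertion'.freeze
  SAMLP_NS = 'urn:oasis:names:tc:SAML:2.0:protocol'.freeze
  NS = { 'saml' => SAML_NS, 'samlp' => SAMLP_NS }.freeze
  BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer'.freeze

  ValidationError = Class.new(StandardError)

  module_function

  # Request phase: mint an ID in the shape SAML expects (an NCName, hence the
  # leading underscore) and remember it in the session for the later comparison.
  def issue_request_id(session)
    id = "_#{SecureRandom.hex(16)}"
    (session[:saml_request_ids] ||= []) << id
    id
  end

  # Read InResponseTo from the bearer SubjectConfirmationData; nil when absent.
  def in_response_to(response_xml)
    doc = REXML::Document.new(response_xml)
    scd = REXML::XPath.first(
      doc,
      "//saml:SubjectConfirmation[@Method='#{BEARER}']/saml:SubjectConfirmationData",
      NS
    )
    scd && scd.attributes['InResponseTo']
  end

  # Callback phase. Returns :solicited or :unsolicited, or raises.
  # Matching IDs are consumed so the same Response cannot be presented twice.
  def validate!(response_xml, session, allow_unsolicited: false)
    value = in_response_to(response_xml)
    pending = session[:saml_request_ids] || []
    if value.nil?
      raise ValidationError, 'InResponseTo absent and unsolicited responses are not allowed' unless allow_unsolicited
      return :unsolicited
    end
    raise ValidationError, "InResponseTo #{value} matches no pending AuthnRequest" unless pending.include?(value)
    pending.delete(value)
    :solicited
  end

  # Constructed sample Response for stand-alone runs; pass nil for an
  # unsolicited (IdP-initiated) response with no InResponseTo attribute.
  def sample_response(in_response_to)
    attr = in_response_to ? %( InResponseTo="#{in_response_to}") : ''
    <<~XML
      <samlp:Response xmlns:samlp="#{SAMLP_NS}" xmlns:saml="#{SAML_NS}" ID="_resp1" Version="2.0"#{attr}>
        <saml:Assertion ID="_a1" Version="2.0">
          <saml:Subject>
            <saml:NameID>user@example.com</saml:NameID>
            <saml:SubjectConfirmation Method="#{BEARER}">
              <saml:SubjectConfirmationData#{attr} Recipient="https://sp.example.com/auth/saml/callback"/>
            </saml:SubjectConfirmation>
          </saml:Subject>
        </saml:Assertion>
      </samlp:Response>
    XML
  end
end

if $PROGRAM_NAME == __FILE__
  session = {}
  id = InResponseToCheck.issue_request_id(session)
  puts InResponseToCheck.validate!(InResponseToCheck.sample_response(id), session)        # solicited
  puts InResponseToCheck.validate!(InResponseToCheck.sample_response(nil), session,
                                   allow_unsolicited: true)                               # unsolicited
end
```

Whether to pass `allow_unsolicited: true` is the policy decision the issue alludes to: with it off, every Response must answer an AuthnRequest this SP actually sent; with it on, IdP-initiated logins are accepted but a Response that names an unknown or already-used ID is still rejected.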