Post 4.1.0-25 Post data Preservation changes mean that the agent is interfering less with the post data. A consequence of that is that the mapping between URL and original saml request id is stored in a local file cache on one agent.
This means that in a load balanced agent scenario, a load balancer cookie has to be set and observed by whatever is in front of the agent. Without this, the value cannot be retrieved leading to a 404 (file not found) error.
The proposal is to provide an option to augment the file-based cache with a http-only encrypted cookie that can be used instead.
This is similar to something used in java agent 5, and would use existing encryption libraries for encryption and decryption.