...
Using the above-mentioned settings, the SP will preserve and re-post the HTTP POST data after the user got a valid Shibboleth session. Note that this can have unintended consequences if the user clicks on the back button of his web browser. In this case the HTTP POST data might be resent again. Therefore, the application that processes the POST data should take this into account when accepting the data.
Also note that this feature only works for POST data encoded as application/x-www-form-urlencoded, which excludes forms with file uploads. POST requests not encoded as Content-Type application/x-www-form-urlencoded will be silently converted into GET requests, and the body data dropped. A note will be made in the logs, depending on log level, but the end user will not be notified. This could be confusing to the end user and therefore might necessitate web application level changes to improve the user's experience.
For further information, have a look at the configuration options postData, postTemplate and postExpire on Sessions.
SAML message delivered with POST to incorrect server URL.
...