Here is my dilemma:
A user gets authenticated to o365 via SAML without the APM seeing or participating in the authentication, just by the WAP/ADFS (IDP for o365) servers.
Once the user is inside o365, the SharePoint desktop will contain a link to the Citrix/StoreFront environment.
This link (HTTPS://host and URI) will be sending the request to a BIGIP that is acting as a SAML SP for Citrix, which needs to send that authentication request to the same WAP/ADFS IDP that already authenticated the user.
Can the APM (SAML SP for Citrix) pass the valid o365 SAML token from that user to the WAP/ADFS (IDP) so we avoid getting a new authentication request, thereby providing SSO?
Any help/direction is greatly appreciated.