We have the following Situation.
Public reachable SSO Portal based on Microsoft ADFS (sso.company.com) Public reachable Citrix Netscaler (netscaler.company.com) Private WebServer (web.company.com) - Not reachable from the internet.
We managed to authenticate against the Netscaler portal with ADFS. Also we can authenticate against the WebServer inside our Network with ADFS.
Our problem is now to configure Netscaler in a way that we also can use the SSO Login to web.company.com from outside via Netscaler.
I hope that's somewhat clear.
I assume you are using SAML and not OAUTH (shouldn't make a difference):
Is SSO for web.company.com SAML based?