Can the APM extract an o365 SAML token when the BIGIP is configured as an IDP ?

Here is my dilemma: A user gets authenticated to o365 via SAML without the APM seeing or participating in the authentication and just by WAP/ADFS (IDP for 0365) servers. Once the user is inside o365, the Sharepoint desktop will contain a link to the Citrix/Storefront environment.

 

This link ( and URI) will be sending the request to a BIGIP that is acting as a SAML SP for Citrix which needs to send such authentication request to the same WAP/ADFS IDP that already authenticated the user.

 

Can the APM (SAML SP for Citrix) pass the valid o365 SAML token from that user to the WAP/ADFS (IDP) so we avoid getting a new authentication request and therefore providing SSO?

 

Any help/direction is greatly appreciated