Big-IP and ADFS Part 2 - APM: An Alternative to the ADFS Proxy
So let’s talk Application Delivery Controllers (ADC). In part one of this series we deployed both an internal ADFS farm as well as a perimeter ADFS proxy farm using the Big-IP’s exceptional load ba...
Published Mar 09, 2012
Version 1.0
Greg_Coward
Employee
Joined July 19, 2011
Greg_130338
Apr 23, 2014
Nimbostratus
Greg, I have read your articles on this topic front to back a few times and I am still having a hard time applying them to my scenario. As best as I can describe, here goes:
It seems as if you are using the BigIP to front end your ADFS environment where ADFS is acting as the IdP in order for users on your LAN to authenticate to Office 365, the SP. What I am trying to do is retrofit this concept to the opposite, where I need to accept inbound assertions from an external IdP and allow access to an internal resource on my LAN. I have ADFS built and I am ingesting assertions from the external IdP but I would like to use the BigIP as the reverse proxy for not only the connection between the IdP and my ADFS server, but to also provide a secure front end that mirrors that of the default STS logon page on ADFS, ultimately allowing an external user to auth against their IdP, ADFS process the claims, issue a new token for my internal SharePoint site to that client and then redirect them to the VS that will be front ending my SharePoint site. Are these concepts you discuss in this series still applicable or is this a completely different scenario requiring another solution? I would love to see this laid out if you have gone through this scenario as well.