Thank you for posting your question in Microsoft Q&A.
Yes, you can utilize Azure AD app proxy to achieve what you are looking for. You can follow the link below for the steps to configure this:
https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-single-sign-on-on-premises-apps
However, as you mentioned, Azure AD application proxy is used for users to access the application from an external network (remote). This will perform SAML authentication only if users try to access the application from an external network. If users try to access the application from the corporate network, it will fail the authentication because you mentioned that your internal SSO doesn't support SAML authentication.
To overcome this situation, you will have to ask the internal corporate network to access the application using the external URL that is published in Azure AD app proxy.
There is another approach with which you can get AAD to do SAML SSO for your internal application.
You will have to configure your on-premises application in Azure AD as "create your own application":
- You can log in to the Azure portal.
- Access the Azure Active Directory blade.
- Click on Enterprise applications.
- Click new application and then click on "create your own application".
- Select the option "Integrate any other application you don't find in the gallery (non-gallery)".
- Post creating an application, you can access the single sign-on blade and configure SAML settings.
By configuring the application this way, you can utilize AAD for SAML authentication, and post authentication AAD can pass the SAML token to the application directly.
Do let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
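
The portal steps in the answer above can also be scripted, which makes the resulting SAML settings reviewable. This is an added example, not part of the original answer, using the Microsoft Graph PowerShell module; the display name, identifier and reply URL are constructed placeholders, and the signed-in account is assumed to be able to consent to `Application.ReadWrite.All`.

```powershell
# Added example: assumes the Microsoft.Graph PowerShell module is installed.
# All names and URLs below are constructed placeholders.
$displayName = 'Internal App SAML (placeholder)'
$identifier  = 'https://internalapp.example.com/saml'      # SAML entity ID (placeholder)
$replyUrl    = 'https://internalapp.example.com/saml/acs'  # Assertion consumer URL (placeholder)

Connect-MgGraph -Scopes 'Application.ReadWrite.All'

# "Create your own application" (non-gallery) in the portal corresponds to
# instantiating the custom application template in Microsoft Graph.
$customTemplateId = '8adf8e6e-67b2-4cf2-a259-e3dc5476c621'
$created = Invoke-MgInstantiateApplicationTemplate `
    -ApplicationTemplateId $customTemplateId `
    -DisplayName $displayName
$appObjectId = $created.Application.Id
$spObjectId  = $created.ServicePrincipal.Id

# The new objects can take a short while to become readable.
Start-Sleep -Seconds 20

# Single sign-on blade: choose SAML as the sign-on method.
Update-MgServicePrincipal -ServicePrincipalId $spObjectId `
    -PreferredSingleSignOnMode 'saml'

# Basic SAML configuration: identifier (entity ID) and reply URL.
Update-MgApplication -ApplicationId $appObjectId `
    -IdentifierUris @($identifier) `
    -Web @{ RedirectUris = @($replyUrl) }

# Create the certificate used to sign the SAML token (one-year lifetime).
$cert = Add-MgServicePrincipalTokenSigningCertificate `
    -ServicePrincipalId $spObjectId `
    -DisplayName 'CN=InternalAppSamlSigning' `
    -EndDate (Get-Date).AddYears(1)

# Read the settings back so they can be reviewed before users are assigned.
$sp  = Get-MgServicePrincipal -ServicePrincipalId $spObjectId
$app = Get-MgApplication -ApplicationId $appObjectId
[pscustomobject]@{
    SignOnMode      = $sp.PreferredSingleSignOnMode
    Identifier      = $app.IdentifierUris -join ', '
    ReplyUrls       = $app.Web.RedirectUris -join ', '
    SigningCertEnds = $cert.EndDateTime
}
```

Only the exact assertion consumer URL of the application should appear in `ReplyUrls`, because that is where the signed SAML token is delivered.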