You could use ADFS, yes, as long as the application can use a federation protocol for authentication.
ADFS does not interact with IPSec though. It is network agnostic.
You would have two options:
- Deploy ADFS in domain A, deploy ADFS in domain B, create a trust between the two (this does not require network connectivity; you can do it by exporting and importing files). The user will have to be able to do IPSec though.
- Deploy ADFS in domain A only and create an LDAP provider for the domain B. Users won't have SSO but they will be able to use their own account. In that scenario, not only will the users still need to do IPSec on their own, but the ADFS server will also need to do IPSec to reach the DCs on the other side.
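
The file-based trust from the first option could be set up as below. This is an added example, not part of the original answer. The host names, the `C:\exchange` folder, the trust display names, the hash placeholder and the choice of UPN as the claim to pass are all assumptions.

```powershell
# Hypothetical names throughout: fs.domain-a.example, fs.domain-b.example, C:\exchange.
$upn = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'

# --- Step 1, on the ADFS server in domain B (where the user accounts live) ---
# Save B's federation metadata to a file and record its hash for out-of-band checking.
Invoke-WebRequest -UseBasicParsing `
    -Uri 'https://fs.domain-b.example/FederationMetadata/2007-06/FederationMetadata.xml' `
    -OutFile 'C:\exchange\domain-b-metadata.xml'
Get-FileHash 'C:\exchange\domain-b-metadata.xml' -Algorithm SHA256

# --- Step 2, on the ADFS server in domain A (where the application lives) ---
# The file carries B's token-signing certificate, so verify it before trusting it.
$expected = '<SHA256 reported by domain B admin>'   # placeholder, obtained out of band
$actual = (Get-FileHash 'C:\exchange\domain-b-metadata.xml' -Algorithm SHA256).Hash
if ($actual -ne $expected) { throw 'Metadata hash mismatch, not importing.' }

Add-AdfsClaimsProviderTrust -Name 'Domain B ADFS' `
    -MetadataFile 'C:\exchange\domain-b-metadata.xml'

# Accept only the UPN claim from B; everything else B sends is dropped.
Set-AdfsClaimsProviderTrust -TargetName 'Domain B ADFS' `
    -AcceptanceTransformRules "c:[Type == `"$upn`"] => issue(claim = c);"

# Export A's own metadata the same way and carry it to domain B.
Invoke-WebRequest -UseBasicParsing `
    -Uri 'https://fs.domain-a.example/FederationMetadata/2007-06/FederationMetadata.xml' `
    -OutFile 'C:\exchange\domain-a-metadata.xml'

# --- Step 3, back on the ADFS server in domain B ---
# Register A's ADFS as a relying party (verify the file hash here as in step 2).
Add-AdfsRelyingPartyTrust -Name 'Domain A ADFS' `
    -MetadataFile 'C:\exchange\domain-a-metadata.xml'

# Issue the user's UPN from Active Directory to domain A.
$issue = @"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$upn"), query = ";userPrincipalName;{0}", param = c.Value);
"@
Set-AdfsRelyingPartyTrust -TargetName 'Domain A ADFS' -IssuanceTransformRules $issue

# A trust created from a file does not refresh itself: when either side rolls its
# token-signing certificate, export the metadata again and re-import it.
```

Authorization on the relying party trust (who in domain B may get a token) still has to be configured for your ADFS version, and the application's own relying party trust in domain A needs an issuance rule for the accepted UPN.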