Users are not redirected to AD FS to get prompted for username and password when accessing the Internet. 

Users are not able to access the Internet.

The default SAML authentication mode is origin-cookie-redirect, because SAML requires redirects.

1. Transparent Deployment

2. SAML authentication is configured based on How to configure SAML authentication on the ProxySG with AD FS HOWTO127109

Configure the Authentication Mode of the Web Authentication layer for SAML authentication to origin-cookie-redirect.