ADFS/Sharepoint - authenticating to a 3rd party application in separate/untrusted domain

Unanswered

Thursday, August 09, 2012 5:38 PM

    Suppose I have a Windows domain "A" along with Sharepoint and ADFS.  All user accounts within Sharepoint are domain based.  Now within Sharepoint I have links to an external .NET web application that is a member of its own domain "B"; there is no trust between domains A and B.

    I would like to configure single sign on such that the domain A users can click on the links to external site in domain B from within Sharepoint and not be prompted for login.  Domain A users would not have accounts in domain B, but their credentials would be converted to a token by ADFS for authentication by the domain web application.  Is this possible, and if so, what are my requirements with respect to ADFS?  Do I need ADFS present in both domains, only in domain A, or only in domain B?  The user accounts in the external web application would be contained within a SQL database (and not in domain B Active Directory).

    My initial thought is I need ADFS in domain A, with a trust to Sharepoint, and adding the external web application as a relying party.  Please advise; thanks.
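The following is an added example, not part of the original thread and not a reply posted there. It shows what the poster's own sketch (ADFS in domain A, the domain-B web application registered as a relying party) looks like on the ADFS side, using the ADFS 2.0 PowerShell cmdlets that shipped with Windows Server 2008 R2 at the time of the post. The application name, the realm/endpoint URL (`https://app.domainb.example/`) and the rule names are placeholders chosen for illustration; the claim-rule language, claim type URIs and cmdlet parameters are the real ADFS ones.

```powershell
# Added example: register the domain-B web application as a relying party on the
# domain-A ADFS federation server. All names and URLs below are placeholders.
# ADFS 2.0 (Windows Server 2008 R2) exposes its cmdlets through a snap-in; on
# Windows Server 2012 and later use "Import-Module ADFS" instead.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# Placeholder values (assumptions, not taken from the thread).
$rpName       = "External App (domain B)"
$rpIdentifier = "https://app.domainb.example/"   # realm the app sends as wtrealm
$rpEndpoint   = "https://app.domainb.example/"   # WS-Federation passive endpoint that receives the token

# Issuance transform rule, in the ADFS claim-rule language.
# The user arrives at ADFS already authenticated to domain A (Integrated Windows
# Authentication), which yields a windowsaccountname claim. This rule looks that
# account up in domain A's Active Directory and issues UPN and e-mail claims, so a
# SQL-backed application can key its own user table on the UPN rather than on a
# domain-B account.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Issue UPN and e-mail from domain A AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
          query = ";userPrincipalName,mail;{0}", param = c.Value);
'@

# Issuance authorization rule: every authenticated domain-A user may receive a token.
# Whether the UPN maps to a row in the application's SQL user table is the
# application's decision, not ADFS's; tighten this rule (e.g. to a group) if only
# a subset of domain-A users should ever reach the application.
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-ADFSRelyingPartyTrust -Name $rpName `
    -Identifier $rpIdentifier `
    -WSFedEndpoint $rpEndpoint `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules

# Check what was stored: identifier, endpoint and the rule sets above.
Get-ADFSRelyingPartyTrust -Name $rpName |
    Format-List Name, Identifier, WSFedEndpoint, IssuanceTransformRules, IssuanceAuthorizationRules
```

In this topology the federation server exists only in domain A; the application in domain B needs neither its own ADFS nor a trust between the two forests, because it validates the SAML token against the domain-A federation service's token-signing certificate (published in that service's FederationMetadata.xml) rather than against domain B's Active Directory. The single-sign-on experience depends on the browser handing Windows credentials to the ADFS passive endpoint without prompting, so the federation service URL must sit in a zone where the browser is allowed to do that (the intranet or trusted-sites zone on the SharePoint users' machines).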