I did get it to work, one thing to be aware of is that the webtop does not allow cookie persistence. So if you want to avoid signing into your IDP when the SP session expires this is not an option for IDP initiated SSO.
So basically, create your webtop and in your access policy just before the allow event add advanced resource assign and assign the webtop to the access policy.
Then you will find after logon you should get the webtop with the SAML resource(s) you published to the webtop.
Click on one of the links and this should take you through to your cloud service. Note this link will be similar to Michael Kofman's example above, which is which you simply add to an irule which means the user will never actually see the webtop but go to the service provider.
Let me know how it pans out.