When federating with Office 365, there is no need to share any private key. Actually, you should never share a private key, it's private...
Then there are things you can do and things you can't.
You cannot do offloading or any type of inspection that terminates the SSL tunnel between WAP and ADFS.
You can do it on the front of ADFS but this breaks certificate-based (TLS) authentication. Things are explained in detail here: SSL Termination with Web Application Proxy and AD FS 2012 R2
https://blogs.technet.microsoft.com/applicationproxyblog/2014/07/04/ssl-termination-with-web-application-proxy-and-ad-fs-2012-r2/