As mentioned in the CloudGateway eDocs,  AppController is the unified policy controller of Citrix CloudGateway Enterprise that lets you securely deliver enterprise Web and Software-as-a-Service (SaaS) applications, native iOS applications, and integrated ShareFile-based data. In addition, when you use StoreFront to integrate ShareFile with XenApp and XenDesktop, AppController provides a single place to manage enterprise application delivery, as well as a single point of access for all users. The ShareFile data integrated into Citrix Receiver is also managed by CloudGateway, to ensure that users have access to shared data when they need it, across devices.  The AppController virtual machine (VM) is a virtual appliance that runs on Citrix XenServer and is managed with Citrix XenCenter. You can also install AppController on VMware ESXi.
Here is a sales Knowledge Base (KB) article CTX133820 that was published a few months ago but I wanted  to ensure it got highlighted because it is about Cloud Gateway’s AppController component working as SAML Identity Provider (IdP) and NetScaler as SAML Service Provider (SP).  SAML is Security Assertion Markup Language – cool feature that is in NetScaler 10 software release.  And if you missed the blog of NS 10 security features, here is a link.   Similar to last KB blogs, this is a continuation on how NetScaler SAML is configured and in this case it is with CloudGateway.
The advantages of this solution of course is having a unified Citrix solution for customers that want to use SAML with CloudGateway as IdP and NetScaler as SP.  And with this solution there is no need to buy another IdP server.  Another reason is that configuring NetScaler load balancing and content switching vserver as a saas app in the CloudGateway, the websites will have single-sign-on with User credentials at IdP and no password is required with NetScaler.
Here is a capture of the Cloud Gateway System settings but feel free to using the KB article for the details.