When you configure your FTP Send Port in Biztalk there is an option to select the SSO Affiliate, which lists your SSO Affiliate applications from Enterprise Single Sign-On. This is a part of what is needed.
The first thing you need is to have a promoted property on your message called "SSOTicket" and this have to have a specifict value. I do this in a pipeline component, but I thing you also can do this in an Orchestration. The code is as follows:
public Microsoft.BizTalk.Message.Interop.IBaseMessage Execute(Microsoft.BizTalk.Component.Interop.IPipelineContext pc, Microsoft.BizTalk.Message.Interop.IBaseMessage inmsg)
ISSOTicket ssoTicket = new ISSOTicket();
inmsg.Context.Write("SSOTicket", "http://schemas.microsoft.com/BizTalk/2003/system-properties", ssoTicket.IssueTicket(0));
Create a send pipeline that uses this pipeline component in the Encode phase.
Set the "Allow Tickets" to yes on the system:
Then you need to create an affiliate application in Enterprise Single Sign-On:
Give it a nice name and remember to check the check boxes:
Sample code at http://code.msdn.microsoft.com/Use-single-signon-with-FTP-b6414ce8