Hi Narendra,
No, the Authentication URL must be a fully formed URL and not relative URI.
What you can do is make the Authentication URL an active page that detects whether the user is internal/external, then redirect the user to a URL that is protected with the appropriate auth scheme for the user type. Keep in mind the user will need to be returned to saml2sso with their original query parameters after authentication. You may be able to leverage the out of the box redirect.jsp to accomplish some of this. For SP-initiated POST requests, the TransactionID needs to be on the query string upon return to saml2sso after authentication (if you study the behavior of the ootb redirect.jsp you will understand how the request needs to be formatted after authentication).
An alternative to this is to protect the saml2sso URL instead of relying on the Authentication URL. This method assures the user always has a session upon accessing saml2sso while allowing the auth scheme protecting the page to use a relative URI in the auth scheme. Since internal/external users use different FQDNs, this would also allow you to use a different realm and thus different authentication scheme for each user type.
Regards,
Pete