Great work on this claims provider for AD users coming from ADFS!
Next is how to deal with federated users when we cannot do any sort of name resolution. For example, our ADFS is federated with othercompany.com, or via the Azure ACS, federated with Google, Yahoo, etc.
In planning to write my own claims provider for this I was thinking something along the lines of:
If input contains '@' and not @ourdomain.com:
    assume this is an external email address
    check for a general well-formed email address, but just resolve no matter what
do resolution against our AD...
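As an added example (not the commenter's or the project's code), the branch logic above written out in Python: it checks well-formedness, compares the domain part exactly rather than by substring, and, because an external address can never be checked against a directory, can optionally restrict pass-through to known federation partners. The domain lists and the `Decision` shape are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Constructed sample configuration (assumption): domains resolved by the
# local AD, and federation partners the ADFS instance trusts.
INTERNAL_DOMAINS: FrozenSet[str] = frozenset({"ourdomain.com"})
PARTNER_DOMAINS: FrozenSet[str] = frozenset({"othercompany.com"})

# Conservative address syntax: one local part, one '@', a dotted domain.
# Display names, quotes, comments and whitespace are rejected on purpose,
# because the value is stored as a claim and must match what the IdP issues.
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}")


@dataclass(frozen=True)
class Decision:
    kind: str              # "internal", "external" or "reject"
    value: Optional[str]   # normalized value to hand to the resolver
    reason: str


def classify_input(raw: str, allow_unknown_domains: bool = True) -> Decision:
    """Decide how a picker input should be resolved.

    allow_unknown_domains=True is the commenter's "resolve no matter what";
    False limits external addresses to PARTNER_DOMAINS.
    """
    text = raw.strip()
    if "@" not in text:
        # Plain account or display name: resolve against AD as before.
        return Decision("internal", text, "no '@', resolve against AD")
    if not _EMAIL_RE.fullmatch(text):
        return Decision("reject", None, "malformed address")
    # Lowercase the whole address so stored claims compare consistently
    # (assumption: the IdP issues email claims case-insensitively).
    value = text.lower()
    domain = value.rpartition("@")[2]
    if domain in INTERNAL_DOMAINS:
        return Decision("internal", value, "our domain, resolve against AD")
    if domain in PARTNER_DOMAINS:
        return Decision("external", value, "known federation partner")
    if allow_unknown_domains:
        return Decision("external", value, "unknown domain, pass-through")
    return Decision("reject", None, "unknown domain not allowed")
```

Note that an exact domain comparison keeps `bob@ourdomain.com.example` out of the internal branch, which a substring test on `ourdomain.com` would not.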