A variant of option 2 would be to use a user store with a single user in it. Then you could configure your user lookup with a hard-coded filter to always return that single user. The result is that any valid SAML assertions will be accepted.
You could configure the federation partnership to use the "Persist Attributes" redirect mode. In this way, the attributes in the assertion are written to the session store. You could then include them in HTTP header responses if required.
Pearse