Hello,
1) You need to create the user as a normal SU01 user. Additional information could be stored in other tables as well, but it is a must to have a valid SU01 user in order to perform authentication to the system!
2) You can assign roles.
In any case, check the example BAdI implementation "CL_SAML20_USER_BADI_EXAMPLE".
Regards,
Dimitar