We have 2 domains in our scenario, one is \INT and the other one is \RSC. one ad fs and one AD/DC are hosted in each domain

We have configured the INT's AD FS as a cliam provider and RSC's ADFS as a relying party between the two AD FS, and we chose 'pass through the windows account name(SAM account) as a claim ' from INT's AD FS as the claim rule to RSC's ADFS.

Now, after receiving the incoming claim on the RSC's AD FS , we would like to check if the value of that incoming claim(SAM account) exists in the RSC Domain, we would use Active directory as a store. If yes, w would issue an attritube, Role into the claim and pass to SharePoint.

In my case, all the user accounts which are inside the INT domain are also exist in the RSC domain. (e.g. Assume tom and mary are two domain user accounts inside INT, so the two user accounts which are tom and mary are also exist inside the RSC domain). After INT's ADFS has authenticated Tom idenity, it would pass the claim which contains SAM account to RSC's ADFS; now , instead of just pass through all incoming claims to sharepoint, we would like to issue a role claim if RSC Domains contains a SAM account called Tom. 

Any one know how to write a rule claim language on the RSC's AD FS? should I config it on the ClaimProvider Trust of the RSC's AD FS?

My drafted code is shown as below:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
=> issue(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/role","http://schemas.microsoft.com/ws/2008/..."), query = "sAMAccountName={0},Role;DOMAIN\RSC", param = c.Value);

Does anyone can help me to improve/correct the above code? Thanks