I'm using IdentityServer with passive federation. I want to add some custom claims to the session token during login. In the AuthenticationHelper class in the CreatePrincipal method I added my custom claims. However, I don't see my claims in the RP. I'm starting to wonder if what I'm trying to do is even possible. Any ideas/suggestions?

Coordinator
Jul 18, 2012 at 1:51 PM
This method is only for IdSrv internal claims.
To add claims to the token you need to implement IClaimsRepository (or IUserRepository - depends on the version).

I did implement IUserRepository, and I added my custom claims to the GetSupportedClaimTypes method. However, I don't know where to actually add the claims to the token (while I'm still in the IdentityServer) so I can use them in the RP. I can't think of another place than in CreatePrincipal. I could use profile properties for this, but I don't really want that. That would mean my RP must have access to the membership database.

Coordinator
Jul 18, 2012 at 2:00 PM
Claims you add in AuthenticationHelper should be visible in the IUserRepository.GetClaims() method. From there you can add them to the token.

Yeah, I understand, but that's where I'm struggling. I don't know how to add them to the token in such a way that I can read them from the token in the RP.
Coordinator
Jul 18, 2012 at 2:08 PM
I don't understand. All the claims you return from IUserRepository.GetClaims() go into the token. Can't you see them in your RP?

Okay, I'm just being stupid here. I was making it much more complicated than it really is. When I add my custom claims in the GetClaims method, it just works. Somehow, I thought I had to add the claim before creating the session cookie. Never mind, it works now, thanks!
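
The resolution reached in this thread, as an added example that is not part of the original posts and is not IdentityServer's own code: the claims returned from GetClaims are the ones the RP sees, so internal claims are forwarded from there through an explicit allowlist. The `IUserClaimsSource` interface is a stand-in (the real IUserRepository/IClaimsRepository signature depends on the version), and the claim type URIs and the `System.Security.Claims` types are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Stand-in for the repository contract discussed in the thread (assumed shape,
// reduced to one method; the real signature depends on the IdentityServer version).
public interface IUserClaimsSource
{
    IEnumerable<Claim> GetClaims(ClaimsPrincipal principal);
}

public class CustomClaimsSource : IUserClaimsSource
{
    // Constructed claim types. Only these are copied from the internal principal.
    private static readonly HashSet<string> Forwarded = new HashSet<string>
    {
        "http://example.test/claims/department",
        "http://example.test/claims/tenant"
    };

    public IEnumerable<Claim> GetClaims(ClaimsPrincipal principal)
    {
        // Everything returned here is what ends up in the issued token.
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, principal.Identity.Name) };
        claims.AddRange(principal.Claims
            .Where(c => Forwarded.Contains(c.Type))
            .Select(c => new Claim(c.Type, c.Value)));
        return claims;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed principal, as it might look after login inside the STS.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice"),
            new Claim("http://example.test/claims/department", "finance"),
            new Claim("http://example.test/internal/authmethod", "password")
        }, "Forms");

        foreach (var c in new CustomClaimsSource().GetClaims(new ClaimsPrincipal(identity)))
            Console.WriteLine(c.Type + " = " + c.Value); // authmethod is not emitted
    }
}
```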