Question
There are a couple of properties that seem to allow this:
Properties (which is a Dictionary), AdditionalContext and Context...
I cannot find any guidelines as to which would be most appropriate to use...
I basically need the requestor of the token to provide me with an "External User Id" and the STS I am building will include that as a claim in the response (RSTR).
Solution
I would use the .Claims property - this passes in the requested claims.
Add the "external user id" claim here to indicate to the STS that you need this claim in the RSTR.
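An added example of the approach in this answer, not code from the original post: the requestor places the external user id in RequestSecurityToken.Claims and the STS reads it back in GetOutputClaimsIdentity. It assumes the .NET 4.5 WIF types in System.IdentityModel; the claim type URI and the class names ExternalUserId and ExampleSts are hypothetical.

```csharp
// Assumes .NET 4.5 WIF (System.IdentityModel); names below are hypothetical.
using System.IdentityModel;
using System.IdentityModel.Configuration;
using System.IdentityModel.Protocols.WSTrust;
using System.Linq;
using System.Security.Claims;

static class ExternalUserId
{
    // Hypothetical claim type URI, made up for this example.
    public const string ClaimType = "urn:example:claims/externaluserid";
    // Requestor side: carry the external user id as a requested claim in the RST.
    public static RequestSecurityToken BuildRequest(string appliesTo, string externalUserId)
    {
        var rst = new RequestSecurityToken(RequestTypes.Issue)
        {
            AppliesTo = new EndpointReference(appliesTo),
            KeyType = KeyTypes.Bearer
        };
        rst.Claims.Add(new RequestClaim(ClaimType, false, externalUserId));
        return rst;
    }
}

class ExampleSts : SecurityTokenService
{
    public ExampleSts(SecurityTokenServiceConfiguration config) : base(config) { }

    protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken request)
    {
        // Token encryption is switched off only to keep the example short.
        return new Scope(request.AppliesTo.Uri.OriginalString,
            SecurityTokenServiceConfiguration.SigningCredentials)
            { TokenEncryptionRequired = false };
    }

    protected override ClaimsIdentity GetOutputClaimsIdentity(
        ClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
    {
        // The value is requestor-supplied input: reject the request if it is missing.
        // Authorizing the value against the authenticated principal is not shown here.
        var requested = request.Claims.FirstOrDefault(c => c.ClaimType == ExternalUserId.ClaimType);
        if (requested == null || string.IsNullOrWhiteSpace(requested.Value))
            throw new InvalidRequestException("External user id claim is required.");
        var identity = new ClaimsIdentity(principal.Claims);
        identity.AddClaim(new Claim(ExternalUserId.ClaimType, requested.Value));
        return identity;
    }
}
```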
OTHER TIPS
You must have noticed that manipulating RequestSecurityToken.Properties requires custom WSTrust13ResponseSerializer and WSTrust13RequestSerializer classes to be implemented.
Afterwards you should assign these custom classes to the SecurityTokenServiceConfiguration class.