The source of my problem was: a) I was using a custom WSFederationAuthenticationModule. b) I wasn't wiring up the events in the Global.asax using the name of the custom module.
Assuming my web.config has this in it:
    <system.webServer>
      <!-- ... -->
      <add name="MyCustomWSFederationAuthenticationModule"
           type="MyLib.MyCustomWSFederationAuthenticationModule, Thinktecture.IdentityModel, Version=1.0.0.0, Culture=neutral"
           preCondition="managedHandler" />
      <add name="SessionAuthenticationModule"
           type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
           preCondition="managedHandler" />
      <!-- ... -->
    </system.webServer>
And assuming "MyCustomWSFederationAuthenticationModule" is the name of the custom fed-auth module, I just had to fix the name of the method handler (with nothing in app start).
    protected void Application_Start()
    {
        //Nothing here.
    }

    //This never seems to fire either...
    void MyCustomWSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender,
        SessionSecurityTokenCreatedEventArgs e)
    {
        if (e.SessionToken.ClaimsPrincipal.HasClaim("someClaim", "someValue"))
            e.SessionToken.IsPersistent = true;
        else
            e.SessionToken.IsPersistent = false;
    }
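
An alternative to the name-based wiring above is to attach the handler explicitly, so a renamed or missing module fails at startup instead of silently skipping the cookie-persistence rule. This is an added example, not code from the original answer; it assumes the custom module derives from WSFederationAuthenticationModule and that the Global.asax class is called Global.

```csharp
using System;
using System.IdentityModel.Services;
using System.Web;

public class Global : HttpApplication
{
    // Must match the name="" attribute of the <add> element in web.config.
    private const string FedAuthModuleName = "MyCustomWSFederationAuthenticationModule";

    // Init runs once per HttpApplication instance, after its modules are
    // created, so the handler is attached on every pooled instance.
    public override void Init()
    {
        base.Init();

        // Assumption: the custom module derives from WSFederationAuthenticationModule.
        var fam = Modules[FedAuthModuleName] as WSFederationAuthenticationModule;
        if (fam == null)
        {
            // Fail loudly rather than run without the session-token policy.
            throw new InvalidOperationException(
                "Module '" + FedAuthModuleName +
                "' is not registered or is not a WSFederationAuthenticationModule.");
        }

        fam.SessionSecurityTokenCreated += OnSessionSecurityTokenCreated;
    }

    private static void OnSessionSecurityTokenCreated(
        object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        // Same rule as the handler above: persist the session cookie only
        // when the principal carries the expected claim.
        e.SessionToken.IsPersistent =
            e.SessionToken.ClaimsPrincipal.HasClaim("someClaim", "someValue");
    }
}
```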