Well, while trying to do some tests, I've discovered that what is done on the server is actually irrelevant. As the STSClient strips the claims out of the request when it sent to the server. In fact, the WSTrustRequestWriter which is used to serialize the request context, just ignores them
Are claims not supported then?
PL2 work is currently being undertaken in the trunk.http://anonsvn.jboss.org/repos/picketlink/federation/trunk/
So if you have suggestions/bugs/patches, now is the time.
Each of our token providers are supposed to do one thing and one thing well. Any enhancements or customizations can be done with extended token providers (that need to be written). We do not want to carry fat chicken around as token providers.