Using DotNetOpenAuth, I registered an OpenID login to the site of local sports clubs. In addition to logging in users from home, we also have a computer in the club that runs IE in kiosk mode. I have some security issues with this kiosk computer.
1) Can I somehow tell the identity provider not to offer the Keep me signed option? Or, at least for Yahoo, uncheck the default box.
I hope this can be defined in the extension or something, but I did not find anything like it.
2) I can easily log out a user from our site, but the session for the identity provider remains. This allows someone at the kiosk computer to log in as the last person using OpenID. I have an exit button on my page, and on the computer with a kiosk, the activation of the exit button is even timed. With Google, Yahoo, and AOL, I found the logout URL. I will activate them as part of the logout process.
Does anyone know the exit URL for myOpenID? and possibly other suppliers. Or even better, can I request a URL from a provider, how do I request a letter?
If this helps someone, then the links I have found so far are:
Google: https://www.google.com/accounts/Logout
Yahoo: https://login.yahoo.com/config/login?logout= 1
AOL: https://my.screenname.aol.com/_cqr/logout/mcLogout.psp
Thanks in advance,
Yang
source
share