Using DotNetOpenAuth I have enebled OpenID login to a local sportsclubs website. Besides users logging in from home, we also have a PC within the club running IE in kiosk mode. I have some security concerns with this kiosk PC.
1) Can I somehow tell the identity provider not to offer the "Keep me signed in" option? Or at least for Yahoo uncheck it by default.
I am hoping it can be defined in an extension or something, but I haven't found anything like that.
2) I can easily log out a user from our own site, but the session to the identity provider remains. This allows anyone on the kiosk PC to login as the last person using OpenID.
I have a logoff button on my page, and on the kiosk PC even timed activation of the logoff button. With Google, Yahoo and AOL I have found logoff urls. I activate those as part of the logoff process.
Does anyone know a logoff url for myOpenID? and maybe other providers. Or even better can I request the url from the provider like I request the email?
If it helps anyone these the the urls I found so far:
Google: https://www.google.com/accounts/Logout
Yahoo: https://login.yahoo.com/config/login?logout=1
AOL:https://my.screenname.aol.com/_cqr/logout/mcLogout.psp
Thanks in advance,
Jan
