Php – OpenID Logout. I just need authentication not login to OpenID Provider

authenticationlogoutopenidPHP

Started with this question: OpenID. How do you logout

OK. So OpenID does not have single logout.
I can see the uses but there are some situations that worry me:

Single signon on is great for mobile devices and your personal computer.
You sign on once and probably never need to sign out again (just authenticating with new sites as you go).

But if I am on a public computer (airport, or even a work computer) this is a problem.

When I sign into a website using openID I am signing into two different places and that is not obvious. I sign-onto a website (stackoverflow for example using gmail account) but at the same time I have just signed into gmail (OpenID Provider).

When I sign out of stackoverflow I am still singed into gmail (OpenID Provider).

When I authenticate with gmail I don't want to login into gmail I just want to authenticate.

A hack around this is to have the logout flow log me out of gmail at the same time, but as noted on the last post, if I log out of stackoverflow I don't necessarily want to logout of gmail if I am at home.

So the question really is:
Is there a way to authenticate with these OpenID providers without logging on.

Because even sites like stack overflow, they do not log you out when you logout of the OpenID provider you authenticated with. If you have gmail account I can log in and out all day without affecting if stackoverflow is logged in.

Best Answer

People apparently fail to see the question in your question, so I repeat it here just for clarity (and with a question mark)

Is there a way to authenticate with these OpenID providers without logging on?

I believe that the answer to this question is "no" (as blowdart elaborates).

Related Solutions

Php – OpenID. How to logout

OpenID authenticates users to your site, when then starts a session on your site. You destroy or invalidate your site's session separately from the user's session with their OpenID provider.

User visits joewidgets.com > User logs in with OpenID (with a new or existing provider session) > ... User clicks logout > joewidgets.com destroys/invalidates the session.

If the user has their OpenID provider keep them logged in, and your system automatically checks, then it will create a new local session. (Un)fortunately, you don't/can't worry about what the user does or does not do at their provider, which is a pro/con of OpenID.

There is an argument at Social Lipstick which calls for "Single Sign-Out", but OpenID does not currently provide this function.

How to create DNS subdomains Linux

To create subdomain, use NS RR (Resource Record):

# cat  /var/named/chroot/var/named/padence.com.forward.zone
$TTL 1D
@       IN SOA  padence.com.            root.padence.com. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@               NS      sj-karntest1.padence.com.
                A       127.0.0.1
sj-karntest1    A       192.18.12.235
sj-karntest2    A       192.18.18.209
aa              NS      sj-karntest1.padence.com.
bb              NS      sj-karntest1.padence.com.

Then create two zones in your named.conf

zone "aa.padence.com." IN {
        type master;
        file "aa.padence.com.forward.zone";
        allow-update { none; };
};

zone "bb.padence.com." IN {
        type master;
        file "bb.padence.com.forward.zone";
        allow-update { none; };
};

And finally create zone files for these two subdomains - here you can find sample for aa.padence.forward.com

# cat  /var/named/chroot/var/named/aa.padence.com.forward.zone
$TTL 1D
@       IN SOA  aa.padence.com.            root.padence.com. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@               NS      sj-karntest1.padence.com.
                A       127.0.0.1
; this is entry for www.aa.padence.com
www             A       192.18.12.235

You do not need to create separete reverse zones for these.

Related Topic