Smard card OpenId
I'm using smart card openid to login my user into my webapp. On first run i'm asked to enter pin and select certifictr. After logout every other login is passing without asking for pin or cert. If i use different smart card i still login as the user from first card. Is browser caching data sbput ssl? Hoe csn i buypass that without turning off the browser?
4 Replies
are you signing out of your openid provider when you log out?
it sounds like you are signing out of your webapp but not signing out of the provider as well
Unknown User•3w ago
Message Not Public
Sign In & Join Server To View
I’ll try to be more precise.
- The code I use to register the OpenID service is in openid setup code.txt.
- The code I use for logging out is in logout code.txt.
- The frontend of the application is built using React.
When I start a new session in an incognito tab and log in to a third-party service using the OAuth2 protocol, the browser prompts me to select a certificate and enter the PIN for my smart card.
However, after logging out (while still in the same incognito tab) and attempting to log in with a different smart card, the browser does not prompt me to select a certificate or enter a PIN again. Instead, it automatically logs me in using the previously selected smart card certificate.
From my research, this behavior appears to be browser-specific. Microsoft Edge provides an option to reset certificate selection, but Chrome and other browsers do not.
Is there a way to reset the certificate selection on logout so that the browser prompts the user to select a certificate again?
Unknown User•3w ago
Message Not Public
Sign In & Join Server To View