Expiring Claims with windows identity foundation and mvc

I've got开发者_JAVA技巧 a very basic application that is correctly redirecting to my STS and back again after successful authentication.

There's a couple of areas that I'm currently unsure as to how they work, and hoping some light can be shed on them.

1) How do you expire the claims in the token, for example you need to amend someone's claims but because the token is still valid a reissue doesn't happen for 10 minutes.

2) How do you logout from the authentication service and also out of the issuing site. E.G you click log off in your application, which in turn calls WSFederationAuthenticationModule.FederatedSignOut(new Uri(s), null);

But upon the user clicking a link to a protected resource it automatically redirects to the STS and logs the user back in.

I'm sure these are simple questions and I'm missing the point somewhere but any help would be greatly appreciated.

(1) To expire the claim:

var module = Context.ApplicationInstance.Modules["WSFederationAuthenticationModule"]
as WSFederationAuthenticationModule;

module.SignOut(true);

See this post for more info.

(2) Check out this post on a federated sign out.