diff --git a/config/default.json b/config/default.json
index cd012ee147ca9726b86ab669c2270ca95a6fac18..ff977c268d0b8ccb55a4250e242be0f425fec830 100644
--- a/config/default.json
+++ b/config/default.json
@@ -33,5 +33,6 @@
 
   "path" : "http://localhost:9666/saml/SSO",
   "entryPoint" : "https://m4lab.hft-stuttgart.de/idp/saml2/idp/SSOService.php",
-  "issuer" : "spacedeck.m4lab.hft-stuttgart.de"
+  "issuer" : "spacedeck.m4lab.hft-stuttgart.de",
+  "logoutUrl": "https://m4lab.hft-stuttgart.de/idp/saml2/idp/SingleLogoutService.php"
 }
diff --git a/routes/root.js b/routes/root.js
index ccbc5446890298a04790f959a49d7191873109ea..81892e0d2e340be123f6df27a7cc854c3616ec6f 100644
--- a/routes/root.js
+++ b/routes/root.js
@@ -32,6 +32,7 @@ const uuidv4 = require('uuid/v4');
   var samlStrategy = new SamlStrategy({
       // URL that goes from the Identity Provider -> Service Provider
       callbackUrl: config.path,
+      logoutUrl: config.logoutUrl,
 
       entryPoint: config.entryPoint,
       issuer: config.issuer,
@@ -245,10 +246,58 @@ router.get('/login', passport.authenticate('saml',
 //  res.render('spacedeck', { config:config, user:req.user });
 //});
 
+function samlLogout(req,res){
+console.log("enter samlLogout")
+try{
+    samlStrategy.logout(req, function(err,uri){
+        if(err) console.log("can't generate logout URL: ${err}");
+        req.logout();
+        var token = req.cookies['sdsession'];
+        db.Session.findOne({where: {token: token}})
+            .then(session => {
+                session.destroy();
+            });
+        var domain = (process.env.NODE_ENV == "production") ? new URL(config.get('endpoint')).hostname : req.headers.hostname;
+        res.clearCookie('sdsession', { domain: domain });
+        console.log("clear Cookie")
+        res.redirect(uri);
+    });
+}catch(err){
+    if(err) console.log(`Exception on URL: ${err}`);
+    req.logout();
+    var token = req.cookies['sdsession'];
+    db.Session.findOne({where: {token: token}})
+        .then(session => {
+            session.destroy();
+        });
+    var domain = (process.env.NODE_ENV == "production") ? new URL(config.get('endpoint')).hostname : req.headers.hostname;
+    res.clearCookie('sdsession', { domain: domain });
+    console.log("clear Cookie on error")
+    res.redirect("/login");
+    }
+}
+
 router.get('/logout', (req, res) => {
-  res.render('spacedeck', { config:config, user:req.user });
+    console.log("logout pressed")
+    if (req.user == null) {
+        console.log("req.user == null");
+        return res.redirect('/');
+    }
+    samlLogout(req,res);
 });
 
+router.get('/saml/SLO', (req, res, next) => {
+        console.log("received logout request");
+        var token=req.cookies['sdsession'];
+        if(token) {
+            return next();
+        } else {
+            return res.redirect('/'); //best be landing page of everything
+        }
+    },
+    samlLogout
+);
+
 router.get('/t/:id', (req, res) => {
   res.cookie('spacedeck_locale', req.params.id, { maxAge: 900000, httpOnly: true });
   var path = "/";