diff --git a/lemonldap-ng-portal/example/openid-configuration.pl b/lemonldap-ng-portal/example/openid-configuration.pl
index 034bf4f77..5a97cd518 100755
--- a/lemonldap-ng-portal/example/openid-configuration.pl
+++ b/lemonldap-ng-portal/example/openid-configuration.pl
@@ -12,6 +12,7 @@ my $token_uri = $portal->{oidcServiceMetaDataTokenURI};
my $userinfo_uri = $portal->{oidcServiceMetaDataUserInfoURI};
my $jwks_uri = $portal->{oidcServiceMetaDataJWKSURI};
my $registration_uri = $portal->{oidcServiceMetaDataRegistrationURI};
+my $endsession_uri = $portal->{oidcServiceMetaDataEndSessionURI};
my ($path) = ( $issuerDBOpenIDConnectPath =~ /(\w+)/ );
my $issuer = $portal->{oidcServiceMetaDataIssuer};
@@ -27,6 +28,8 @@ $configuration->{userinfo_endpoint} = $issuer . $path . "/" . $userinfo_uri;
$configuration->{jwks_uri} = $issuer . $path . "/" . $jwks_uri;
$configuration->{registration_endpoint} =
$issuer . $path . "/" . $registration_uri;
+$configuration->{end_session_endpoint} =
+ $issuer . $path . "/" . $endsession_uri;
$configuration->{scopes_supported} = [qw/openid profile email address phone/];
$configuration->{response_types_supported} = [
"code",
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
index 457ef688d..f40023ea7 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
@@ -430,32 +430,24 @@ sub issuerForUnAuthUser {
$self->lmLog( "URL $url detected as an OpenID Connect END SESSION URL",
'debug' );
- # Check that we are in an inactive session
- unless ( $self->{id} ) {
+ $self->lmLog( "User is already logged out", 'debug' );
- $self->lmLog( "User is already logged out", 'debug' );
+ my $post_logout_redirect_uri = $self->param('post_logout_redirect_uri');
+ my $state = $self->param('state');
- my $post_logout_redirect_uri =
- $self->param('post_logout_redirect_uri');
- my $state = $self->param('state');
+ if ($post_logout_redirect_uri) {
- if ($post_logout_redirect_uri) {
+ # Build Response
+ my $response_url =
+ $self->buildLogoutResponse( $post_logout_redirect_uri, $state );
- # Build Response
- my $response_url =
- $self->buildLogoutResponse( $post_logout_redirect_uri,
- $state );
+ $self->lmLog( "Redirect user to $response_url", 'debug' );
+ $self->{'urldc'} = $response_url;
- $self->lmLog( "Redirect user to $response_url", 'debug' );
- $self->{'urldc'} = $response_url;
-
- $self->_sub('autoRedirect');
- }
-
- return PE_LOGOUT_OK;
+ $self->_sub('autoRedirect');
}
- return PE_OK;
+ return PE_LOGOUT_OK;
}
PE_OK;
@@ -469,11 +461,12 @@ sub issuerForAuthUser {
my $self = shift;
my $issuerDBOpenIDConnectPath = $self->{issuerDBOpenIDConnectPath};
- my $authorize_uri = $self->{issuerDBOpenIDConnectAuthorizeURI};
- my $token_uri = $self->{issuerDBOpenIDConnectTokenURI};
- my $userinfo_uri = $self->{issuerDBOpenIDConnectUserInfoURI};
+ my $authorize_uri = $self->{oidcServiceMetaDataAuthorizeURI};
+ my $token_uri = $self->{oidcServiceMetaDataTokenURI};
+ my $userinfo_uri = $self->{oidcServiceMetaDataUserInfoURI};
my $jwks_uri = $self->{oidcServiceMetaDataJWKSURI};
my $registration_uri = $self->{oidcServiceMetaDataRegistrationURI};
+ my $endsession_uri = $self->{oidcServiceMetaDataEndSessionURI};
my $issuer = $self->{oidcServiceMetaDataIssuer};
# Session ID
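Review bot: The new unauthenticated end-session path takes `post_logout_redirect_uri` straight from the request (`my $post_logout_redirect_uri = $self->param('post_logout_redirect_uri');`) and hands it to buildLogoutResponse and then `$self->{'urldc'}` with no validation visible in the hunk, so unless buildLogoutResponse itself matches the value against the RP's registered post-logout URIs this is an open redirect reachable by anyone who can make a visitor follow a link to the provider. RP-Initiated Logout expects that match, which requires identifying the client — normally via `id_token_hint`, which this branch never reads. A defensive minimum is to validate the URI before the redirect and otherwise fall through to `return PE_LOGOUT_OK;` without setting `urldc`. The removed `unless ( $self->{id} )` guard does not change exposure here since the handler is issuerForUnAuthUser, but the sub and the enclosing END SESSION `if` both start before this hunk.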
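Review bot: `my $endsession_uri = $self->{oidcServiceMetaDataEndSessionURI};` has no fallback, so on a configuration written before this key existed the variable is undef; the later END SESSION branch interpolates it into a regex, where an undef collapses the pattern to the bare issuer path prefix (with an "uninitialized value" warning), which would then match any URL under that path not consumed by an earlier branch. Either skip the END SESSION handling when the value is empty or give it a defined-or default consistent with how the other URIs are provisioned. The three keys switched from `issuerDBOpenIDConnect*` to `oidcServiceMetaData*` deserve the same check: if the configuration migration does not populate them, the same undef interpolation will affect whatever matching they feed. This hunk covers only the top of issuerForAuthUser, whose body continues far beyond it.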
@@ -1120,6 +1113,58 @@ sub issuerForAuthUser {
$self->quit;
}
+ # END SESSION
+ if ( $url_path =~ m#${issuerDBOpenIDConnectPath}${endsession_uri}# ) {
+
+ $self->lmLog( "URL $url detected as an OpenID Connect END SESSION URL",
+ 'debug' );
+
+ # Set hidden fields
+ my $oidc_request = {};
+ foreach my $param (qw/id_token_hint post_logout_redirect_uri state/) {
+ $oidc_request->{$param} = $self->getHiddenFormValue($param)
+ || $self->param($param);
+ $self->lmLog(
+ "OIDC request parameter $param: " . $oidc_request->{$param},
+ 'debug' );
+ $self->setHiddenFormValue( $param, $oidc_request->{$param} );
+ }
+
+ my $post_logout_redirect_uri =
+ $oidc_request->{'post_logout_redirect_uri'};
+ my $state = $oidc_request->{'state'};
+
+ # Ask consent for logout
+ if ( $self->param('confirm') == 1 or $self->param('confirm') == 1 ) {
+ if ( $self->param('confirm') == 1 ) {
+ my $apacheSession = $self->getApacheSession($session_id);
+ $self->_deleteSession($apacheSession);
+ }
+
+ if ($post_logout_redirect_uri) {
+
+ # Build Response
+ my $response_url =
+ $self->buildLogoutResponse( $post_logout_redirect_uri,
+ $state );
+
+ $self->lmLog( "Redirect user to $response_url", 'debug' );
+ $self->{'urldc'} = $response_url;
+
+ $self->_sub('autoRedirect');
+ }
+
+ return PE_LOGOUT_OK if $self->param('confirm') == 1;
+ return PE_OK;
+ }
+
+ $self->info('
');
+ $self->info("Logout ?");
+ $self->info('
');
+ $self->{activeTimer} = 0;
+ return PE_CONFIRM;
+ }
+
PE_OK;
}
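Review bot: The consent test `if ( $self->param('confirm') == 1 or $self->param('confirm') == 1 ) {` repeats the same operand, so the block only ever runs for `confirm == 1`, the inner `return PE_OK;` is unreachable, and a user who declines is simply shown the confirmation page again; the second operand was presumably meant to be the decline value, and `== 1` on an absent parameter also warns under `use warnings`, so compare against a defined-or default. The branch guard interpolates a configuration value into a pattern unquoted, `m#${issuerDBOpenIDConnectPath}${endsession_uri}#`; regex metacharacters such as `.` in that value would be interpreted, so write it as `m#\Q${issuerDBOpenIDConnectPath}${endsession_uri}\E#`. The loop's debug line `"OIDC request parameter $param: " . $oidc_request->{$param}` writes the full `id_token_hint` (an ID token) into the log and warns when the value is undef — log only whether the hint is present, and keep the redirect-URI validation concern raised for issuerForUnAuthUser in mind here too, since `$post_logout_redirect_uri` again reaches `$self->{'urldc'}` unchecked. The enclosing issuerForAuthUser starts well before this hunk, and `$session_id` used in getApacheSession is defined outside it.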