diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm
index 555872881..5f6feacbd 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm
@@ -250,11 +250,9 @@ sub authLogout {
 my ( $self, $req ) = @_;
 # Build CAS logout URL
- my $logout_url = $self->getServerLogoutURL(
- uri_escape( $self->p->fullUrl($req) ),
+ my $logout_url = $self->getServerLogoutURL( $self->p->fullUrl($req),
 $self->conf->{casSrvMetaDataOptions}->{ $req->userData->{_casSrv} }
- ->{casSrvMetaDataOptionsUrl}
- );
+ ->{casSrvMetaDataOptionsUrl} );
 $self->logger->debug("Build CAS logout URL: $logout_url");
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
index 79ad13cf1..ee8300a02 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
@@ -212,7 +212,8 @@ sub run {
 $req->frame(1);
 # GET parameters
- my $logout_url = $req->param('url');
+ my $logout_url = $req->param('url'); # CAS 2.0
+ my $logout_service = $req->param('service'); # CAS 3.0
 # Delete linked CAS sessions
 $self->deleteCasSecondarySessions($session_id);
@@ -237,6 +238,13 @@ sub run {
 return PE_CONFIRM;
 }
+
+ if ($logout_service) {
+ $self->logger->debug("User will be redirected to $logout_service");
+ $req->{urldc} = $logout_service;
+ $req->steps( [] );
+ return PE_OK;
+ }
 }
 else {
 $self->logger->info("Unknown session $session_id");
diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t
index 4b57fd593..6a19c9714 100644
--- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t
+++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t
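Review bot: With `uri_escape` dropped from the first argument in `Auth/CAS.pm`, `authLogout` passes the raw `fullUrl($req)` value to `getServerLogoutURL`, so correct encoding of the return URL now rests entirely on that helper, which is not visible in this hunk. If the helper concatenates the value into the query string unchanged, a `&`, `#` or `?` inside the portal URL would truncate the parameter or add extra ones on the CAS server's logout endpoint. I would confirm that it escapes its argument and record that at the call site, for example `# getServerLogoutURL() escapes the service URL itself; pre-escaping here would double-encode it`. The body of `authLogout` continues past the end of the hunk.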
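Review bot: The new `if ($logout_service)` branch in `Issuer/CAS.pm` copies the request's `service` parameter unchanged into `$req->{urldc}`, empties the step list with `$req->steps( [] )` and returns `PE_OK`, so nothing visible in this hunk limits where the portal sends the browser after logout. The `url` path just above ends in `PE_CONFIRM`, whereas this path redirects without asking, which turns the logout endpoint into an open redirector under the portal's hostname unless `urldc` is validated somewhere outside the hunk. I would gate the branch on an allow-list check, `if ( $logout_service and IS_DECLARED_CAS_SERVICE($logout_service) ) {`, where `IS_DECLARED_CAS_SERVICE` is a placeholder for the project's own lookup of declared CAS applications or trusted domains, and log a refused value at warning level. The same raw value is interpolated into the debug message, so control characters should be stripped before it is logged. `run` begins and ends outside the hunk, and the parameter itself is read in the preceding hunk of this file.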
@@ -129,7 +129,7 @@ ok(
 'Get iframe from IdP'
 );
 count(1);
-expectOK($res);
+expectRedirection( $res, 'http://auth.sp.com/?logout' );
 ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancestors/,
 ' Frame can be embedded' )
 or explain( $res->[1],
diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-default.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-default.t
index 92b86f622..b2dae98f4 100644
--- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-default.t
+++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-default.t
@@ -139,7 +139,7 @@ ok(
 'Get iframe from IdP'
 );
 count(1);
-expectOK($res);
+expectRedirection( $res, 'http://auth.sp.com/?logout' );
 ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancestors/,
 ' Frame can be embedded' )
 or explain( $res->[1],
diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-proxied.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-proxied.t
index 5b563a14b..a402af260 100644
--- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-proxied.t
+++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-proxied.t
@@ -139,7 +139,7 @@ ok(
 'Get iframe from IdP'
 );
 count(1);
-expectOK($res);
+expectRedirection( $res, 'http://auth.sp.com/?logout' );
 ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancestors/,
 ' Frame can be embedded' )
 or explain( $res->[1],
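Review bot: The updated assertion in the `-declared-app.t`, `-default.t` and `-proxied.t` hunks pins only the accepted case, a redirect to `http://auth.sp.com/?logout`; none of the visible lines sends a `service` value that lies outside the declared SP. Because the issuer now redirects to a request-supplied URL, each file should also carry a negative case, marked until it exists with `# TODO: logout with service=<URL of an undeclared host> must not produce a redirect to it`. The retained `frame-ancestors` check now runs against a redirect response rather than a page, so its description ' Frame can be embedded' deserves a second look. Each test block starts and ends outside its hunk, so a negative case may already exist elsewhere in these files.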