diff --git a/ckan/patches/ckanext-saml2auth/01_logout_user.patch b/ckan/patches/ckanext-saml2auth/01_logout_user.patch
new file mode 100644
index 00000000..14d17872
--- /dev/null
+++ b/ckan/patches/ckanext-saml2auth/01_logout_user.patch
@@ -0,0 +1,22 @@
+diff --git a/ckanext/saml2auth/plugin.py b/ckanext/saml2auth/plugin.py
+index 53b8454..07a3307 100644
+--- a/ckanext/saml2auth/plugin.py
++++ b/ckanext/saml2auth/plugin.py
+@@ -22,6 +22,7 @@ from saml2.client_base import LogoutError
+ from saml2 import entity
+ 
+ from flask import session, redirect, make_response
++from flask_login import logout_user
+ 
+ import ckan.plugins as plugins
+ import ckan.plugins.toolkit as toolkit
+@@ -103,7 +104,8 @@ class Saml2AuthPlugin(plugins.SingletonPlugin):
+             domain = h.get_site_domain_for_cookie()
+             # Clear session cookie in the browser
+             response.set_cookie('ckan', domain=domain, expires=0)
+-
++            # logout user from CKAN
++            logout_user()
+             if not toolkit.check_ckan_version(min_version="2.10"):
+                 # CKAN <= 2.9.x also sets auth_tkt cookie
+                 response.set_cookie('auth_tkt', domain=domain, expires=0)
\ No newline at end of file