diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index d6d4eb24b5..f53aa02995 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -449,10 +449,17 @@ class LoginController extends Controller
      */
     public function logout(Request $request)
     {
+        // Logout is only allowed with a http POST but we need to allow GET for SAML SLO
         $settings = Setting::getSettings();
         $saml = $this->saml;
+        $samlLogout = $request->session()->get('saml_logout');
         $sloRedirectUrl = null;
         $sloRequestUrl = null;
+
+        // Only allow GET if we are doing SAML SLO otherwise abort with 405
+        if ($request->isMethod('GET') && !$samlLogout) {
+            abort(405);
+        }
 
         if ($saml->isEnabled()) {
             $auth = $saml->getAuth();
diff --git a/app/Http/Controllers/Auth/SamlController.php b/app/Http/Controllers/Auth/SamlController.php
index d84ae2601a..3d5cf75ecf 100644
--- a/app/Http/Controllers/Auth/SamlController.php
+++ b/app/Http/Controllers/Auth/SamlController.php
@@ -142,6 +142,6 @@ class SamlController extends Controller
             return view('errors.403');
         }
 
-        return redirect()->route('logout')->with('saml_slo_redirect_url', $sloUrl);
+        return redirect()->route('logout')->with(['saml_logout' => true,'saml_slo_redirect_url' => $sloUrl]);
     }
 }
diff --git a/routes/web.php b/routes/web.php
index 9141b2bf08..c6b53d9155 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -434,6 +434,12 @@ Route::group(['middleware' => 'web'], function () {
             'uses' => 'DashboardController@getIndex'
         ]
     );
+    // need to keep GET /logout for SAML SLO
+    Route::get(
+        'logout',
+        [LoginController::class, 'logout']
+    )->name('logout');
+
     Route::post(
         'logout',
         [LoginController::class, 'logout']
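Review bot: The new guard `if ($request->isMethod('GET') && !$samlLogout)` only rejects GET, but a Laravel `Route::get` (added in the routes/web.php hunk) also dispatches HEAD to this action, so a HEAD /logout without the `saml_logout` flash flag passes the check and still ends the session — the cross-site logout the 405 is meant to stop. Allow-listing the intended method is more robust than deny-listing one: `if (!$request->isMethod('POST') && !$samlLogout) {`. The check would also be better placed before `Setting::getSettings()` so a rejected request does no work before the abort, and a short comment that `saml_logout` is flash data set by SamlController and consumed on this one request would make the coupling explicit. logout()'s body continues past the hunk.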
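Review bot: The array passed to `with()` is missing the space after the first element's comma; per PER-CS the line should read `return redirect()->route('logout')->with(['saml_logout' => true, 'saml_slo_redirect_url' => $sloUrl]);`. Because this flash value is what unlocks the GET path in LoginController::logout, a one-line comment above the return such as `// saml_logout lets LoginController::logout accept the GET redirect for SAML SLO` would tie the two sides together for the next reader. The enclosing method starts outside the hunk.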
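Review bot: Registering GET and POST as two separate routes to the same action, both apparently under the name `logout` (the `Route::post(` call continues past the hunk, so I cannot see whether it also carries `->name('logout')`), is harder to read than a single declaration: `Route::match(['get', 'post'], 'logout', [LoginController::class, 'logout'])->name('logout');`, which states that one endpoint accepts two methods and leaves the method gating to the controller. The comment `// need to keep GET /logout for SAML SLO` should then say why GET is needed — the IdP-initiated SLO redirect from SamlController — rather than only that it is kept.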