diff --git a/docs/simplesamlphp-sp-api.md b/docs/simplesamlphp-sp-api.md
index 91391200ab7f0c8cd6717b99a8ca4f97ce22ec4c..2182edac171c223fcc714f2f6c833bc4434aacc3 100644
--- a/docs/simplesamlphp-sp-api.md
+++ b/docs/simplesamlphp-sp-api.md
@@ -256,7 +256,7 @@ The URL returned by this function is static, and will not change.
 You can easily create your own links without using this function.
 The URL should be:
 
-     .../simplesaml/module.php/core/login/<authentication source>/?AuthId=<authentication source>&ReturnTo=<return URL>
+     .../simplesaml/module.php/core/login/<authentication source>?ReturnTo=<return URL>
 
 
 `getLogoutURL`
@@ -285,4 +285,4 @@ The URL returned by this function is static, and will not change.
 You can easily create your own links without using this function.
 The URL should be:
 
-     .../simplesaml/module.php/core/as_logout.php?AuthId=<authentication source>&ReturnTo=<return URL>
+     .../simplesaml/module.php/core/logout/<authentication source>?ReturnTo=<return URL>
diff --git a/modules/core/lib/Controller/Login.php b/modules/core/lib/Controller/Login.php
index 0cda6e748c1c1d0a4752918b2e025f9736873481..2dfa37bec92d1080a66335a445e16c40e6ee3043 100644
--- a/modules/core/lib/Controller/Login.php
+++ b/modules/core/lib/Controller/Login.php
@@ -51,21 +51,40 @@ class Login
     /**
      * Log the user out of a given authentication source.
      *
+     * @param Request $request The request that lead to this logout operation.
      * @param string $as The name of the auth source.
      *
      * @return \SimpleSAML\HTTP\RunnableResponse A runnable response which will actually perform logout.
      *
      * @throws \SimpleSAML\Error\CriticalConfigurationError
      */
-    public function logout(string $as): Response
+    public function logout(Request $request, string $as): RunnableResponse
     {
         $auth = new Auth\Simple($as);
+        $returnTo = $this->getReturnPath($request);
         return new RunnableResponse(
             [$auth, 'logout'],
-            [$this->config->getBasePath()]
+            [$returnTo]
         );
     }
 
+    /**
+     * Searches for a valid and allowed ReturnTo URL parameter,
+     * otherwise give the base installation page as a return point.
+     */
+    private function getReturnPath(Request $request): string
+    {
+        $httpUtils = new Utils\HTTP();
+
+        $returnTo = $request->query->get('ReturnTo', false);
+        if ($returnTo !== false) {
+            $returnTo = $httpUtils->checkURLAllowed($returnTo);
+        }
+        if (empty($returnTo)) {
+            return $this->config->getBasePath();
+        }
+        return $returnTo;
+    }
 
     /**
      * This clears the user's IdP discovery choices.
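Review bot: The docblock on `getReturnPath()` says a URL that is not allowed falls back to the base installation page, but the code falls back only when `ReturnTo` is missing or empty. If `checkURLAllowed()` rejects a disallowed URL by throwing (its body is not part of this diff, so this is inferred), the request ends in an error page rather than a fallback. The docblock should say so, for example `@throws \SimpleSAML\Error\Exception If ReturnTo is present but not an allowed URL.` and `@return string The validated ReturnTo URL, or the base path when none was given.` A short comment in `logout()` such as `// $returnTo is validated in getReturnPath(); this is the only check before the post-logout redirect.` would record that the helper is the sole gate on this request-supplied value. Separately, `$request->query->get('ReturnTo', false)` is not guaranteed to return a string when the parameter is sent in array form (behaviour depends on the Symfony version), so an `is_string($returnTo)` guard before the `checkURLAllowed()` call would keep that case on the fallback path.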
@@ -89,14 +108,7 @@ class Login
             $httpUtils->setCookie($cookieName, null, ['path' => $cookiePath, 'httponly' => false], false);
         }
 
-        // Find where we should go now.
-        $returnTo = $request->request->get('ReturnTo', false);
-        if ($returnTo !== false) {
-            $returnTo = $httpUtils->checkURLAllowed($returnTo);
-        } else {
-            // Return to the front page if no other destination is given. This is the same as the base cookie path.
-            $returnTo = $cookiePath;
-        }
+        $returnTo = $this->getReturnPath($request);
 
         // Redirect to destination.
         $httpUtils->redirectTrustedURL($returnTo);
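Review bot: `getReturnPath()` reads `ReturnTo` from `$request->query`, whereas the lines removed here read it from `$request->request`, so a form that POSTs `ReturnTo` to this action now silently redirects to the base path. If POST callers still exist, the helper could accept both sources before validating, e.g. `$returnTo = $request->query->get('ReturnTo') ?? $request->request->get('ReturnTo', false);`. Otherwise the change should be called out in the upgrade notes. The no-parameter fallback also moves from `$cookiePath` to `$this->config->getBasePath()`; the removed comment says these are the same, so that looks intentional. Since the result goes straight to `redirectTrustedURL()`, which by its name performs no further checking, a comment like `// $returnTo was validated by getReturnPath(); do not pass raw request input here.` would help. The enclosing method starts outside this hunk.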