diff --git a/conf/.env.production.sample b/conf/.env.production.sample
index d15d443..c63e66a 100644
--- a/conf/.env.production.sample
+++ b/conf/.env.production.sample
@@ -290,3 +290,6 @@ MAX_VIDEO_SIZE=41943040
 # Units are in bytes
 MAX_EMOJI_SIZE=51200
 MAX_REMOTE_EMOJI_SIZE=204800
+
+# YunoHost
+LOGOUT_URL=__LOGOUT_URL_
diff --git a/sources/patches/sso.patch b/sources/patches/sso.patch
new file mode 100644
index 0000000..84c4e67
--- /dev/null
+++ b/sources/patches/sso.patch
@@ -0,0 +1,56 @@
+diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
+index 7c36bc6b8..3f691d102 100644
+--- a/app/controllers/application_controller.rb
++++ b/app/controllers/application_controller.rb
+@@ -70,7 +70,7 @@ class ApplicationController < ActionController::Base
+   end
+ 
+   def after_sign_out_path_for(_resource_or_scope)
+-    new_user_session_path
++    "https://#{File.read('/etc/yunohost/current_host')}/yunohost/sso/?action=logout"
+   end
+ 
+   def pack(data, pack_name, skin = 'default')
+diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
+index 5232e6cfd..160348674 100644
+--- a/config/initializers/devise.rb
++++ b/config/initializers/devise.rb
+@@ -180,7 +180,7 @@ Devise.setup do |config|
+   # given strategies, for example, `config.http_authenticatable = [:database]` will
+   # enable it only for database authentication. The supported strategies are:
+   # :database      = Support basic authentication with authentication key + password
+-  config.http_authenticatable = [:pam, :database]
++  config.http_authenticatable = [:two_factor_ldap, :pam, :database]
+ 
+   # If 401 status code should be returned for AJAX requests. True by default.
+   # config.http_authenticatable_on_xhr = true
+diff --git a/lib/devise/two_factor_ldap_authenticatable.rb b/lib/devise/two_factor_ldap_authenticatable.rb
+index 065aa2de8..0eb4be10c 100644
+--- a/lib/devise/two_factor_ldap_authenticatable.rb
++++ b/lib/devise/two_factor_ldap_authenticatable.rb
+@@ -5,13 +5,13 @@ require 'devise/strategies/base'
+ 
+ module Devise
+   module Strategies
+-    class TwoFactorLdapAuthenticatable < Base
++    class TwoFactorLdapAuthenticatable < Authenticatable
+       def valid?
+-        valid_params? && mapping.to.respond_to?(:authenticate_with_ldap)
++        (valid_for_params_auth? || valid_for_http_auth?) && mapping.to.respond_to?(:authenticate_with_ldap)
+       end
+ 
+       def authenticate!
+-        resource = mapping.to.authenticate_with_ldap(params[scope])
++        resource = mapping.to.authenticate_with_ldap(authentication_hash.merge(:password => password))
+ 
+         if resource && !resource.otp_required_for_login?
+           success!(resource)
+@@ -23,7 +23,7 @@ module Devise
+       protected
+ 
+       def valid_params?
+-        params[scope] && params[scope][:password].present?
++        super && params[scope][:password].present?
+       end
+     end
+   end