Dashboard logout URL is default even when using external IDP, SAML, cannot be modified

When using external IDP and having relation with keystone-SAML mellon,
openstack dashboard would still have a default logout URL generated.

<a href="/auth/logout/" target="_self">
   Sign Out
</a>

(sp-metadata file would have a different URL /auth/mellon/logout/)

So if the user clicks logout - session cookies are not cleaned.
The next time when login with external IDP is selected - user could login without password prompt.

Looking at the code, looks like if those 3 variables are be passed then redirect could happen to custom LOGOUT_URL

WEBSSO_ENABLED
WEBSSO_DEFAULT_REDIRECT
WEBSSO_DEFAULT_REDIRECT_LOGOUT

https://github.com/openstack/horizon/blob/a2b6e6c9bdce7323fd7876a1d22e14f8c1d42bab/openstack_auth/views.py#L250-L255

mod_auth_mellon supports both IdP-initiated and SP-initiated logout through the same endpoint. The endpoint is located at "/logout". "/logoutRequest" is an alias for this endpoint, provided for compatibility with version 0.0.6 and earlier of mod_auth_mellon.

To initiate a logout from your web site, you should redirect or link to "/logout?ReturnTo=". Note that the ReturnTo parameter is mandatory. For example, if the web site is located at "https://www.example.com/secret", and the mellon endpoints are located under "https://www.example.com/secret/endpoint", then the web site could contain a link element like the following:

<a href="/secret/endpoint/logout?ReturnTo=https://www.example.org/logged_out.html">Log out</a>

https://github.com/latchset/mod_auth_mellon/blob/main/README.md#logging-out