diff --git a/ckan/config/routing.py b/ckan/config/routing.py
index ceacd63a7ef..0400512bd60 100644
--- a/ckan/config/routing.py
+++ b/ckan/config/routing.py
@@ -353,7 +353,6 @@ def make_map():
         m.connect('register', '/user/register', action='register')
         m.connect('login', '/user/login', action='login')
         m.connect('/user/_logout', action='logout')
-        m.connect('/slo', action='slo')
         m.connect('/user/logged_in', action='logged_in')
         m.connect('/user/logged_out', action='logged_out')
         m.connect('/user/logged_out_redirect', action='logged_out_page')
diff --git a/ckan/controllers/user.py b/ckan/controllers/user.py
index da6d4fb724b..638bd7a7231 100644
--- a/ckan/controllers/user.py
+++ b/ckan/controllers/user.py
@@ -80,9 +80,6 @@ def _setup_template_variables(self, context, data_dict):
     def _get_repoze_handler(self, handler_name):
         '''Returns the URL that repoze.who will respond to and perform a
         login or logout.'''
-        # FIXME this shouldn't be here
-        # FIXME we need to deal with the aborts properly
-        abort(401, _('Not authorized to see this page'))
         return getattr(request.environ['repoze.who.plugins']['friendlyform'],
                        handler_name)
 
@@ -182,8 +179,6 @@ def _save_new(self, context):
                 logic.tuplize_dict(logic.parse_params(request.params))))
             context['message'] = data_dict.get('log_message', '')
             captcha.check_recaptcha(request)
-            if c.saml2user:
-                data_dict['openid'] = c.saml2user
             user = get_action('user_create')(context, data_dict)
         except NotAuthorized:
             abort(401, _('Unauthorized to create user %s') % '')
@@ -302,10 +297,6 @@ def login(self, error=None):
         if 'error' in request.params:
             h.flash_error(request.params['error'])
 
-        if c.saml2user:
-            return h.redirect_to(controller='user',
-                                 action='me')
-
         if request.environ['SCRIPT_NAME'] and g.openid_enabled:
             # #1662 restriction
             log.warn('Cannot mount CKAN at a URL and login with OpenID.')
@@ -361,28 +352,8 @@ def logout(self):
         # save our language in the session so we don't lose it
         session['lang'] = request.environ.get('CKAN_LANG')
         session.save()
-        if c.saml2user:
-            h.redirect_to('/slo')
         h.redirect_to(self._get_repoze_handler('logout_handler_path'))
 
-    def slo(self):
-        environ = request.environ
-        # so here I might get either a LogoutResponse or a LogoutRequest
-        client = environ['repoze.who.plugins']['saml2auth']
-        sids = None
-        if 'QUERY_STRING' in environ:
-            try:
-                res = client.saml_client.logout_request_response(
-                                                    request.GET['SAMLResponse'][0],
-                                                    binding=BINDING_HTTP_REDIRECT)
-            except KeyError:
-                # return error reply
-                pass
-
-        if not sids:
-            response.delete_cookie('auth_tkt')
-            h.redirect_to(controller='user', action='logged_out')
-
     def set_lang(self, lang):
         # this allows us to set the lang in session.  Used for logging
         # in/out to prevent being lost when repoze.who redirects things