diff --git a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/service/TokenCleanupService.java b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/service/TokenCleanupService.java
index 12d5e444f90..441733965f8 100644
--- a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/service/TokenCleanupService.java
+++ b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/service/TokenCleanupService.java
@@ -53,6 +53,7 @@ public static void cleanupSsoSession(
         try {
             ssoContext.removeSsoSession(ssoSession.getAccessToken());
             HttpSession existingSession = ssoSession.getHttpSession();
+            String refreshToken = ssoSession.getRefreshToken();
             if (existingSession == null) {
                 log.debug("No existing Session found for token: {}, cannot invalidate session",
                         ssoSession.getAccessToken());
@@ -67,7 +68,7 @@ public static void cleanupSsoSession(
             if (ssoContext.getSsoLocalConfig().getBoolean("ENGINE_SSO_ENABLE_EXTERNAL_SSO")) {
                 log.debug("Existing Session found for token: {}, invalidating session on external OP",
                         ssoSession.getAccessToken());
-                ExternalOIDCService.logout(ssoContext, ssoSession.getRefreshToken());
+                ExternalOIDCService.logout(ssoContext, refreshToken);
             }
             invokeAuthnLogout(ssoContext, ssoSession);
             SsoService.notifyClientsOfLogoutEvent(ssoContext,