How to remove or disable authentication from federation "Tools" ?

[vipul-aistechnolabs]

Good evening devs, I recently implemented this into one of my laravel project. Requirement : I need to set or call cron for refreshing metadata using this URL : http://localhost/simplesamllaravel/public/samllogin/module.php/metarefresh/fetch.php

Issue : Above mentioned URL required authentication, how do i remove it to get direct access, or you can tell me what configuration do i need to change in "config-metarefresh.php".

I tried to edit the configuration but it always go to the authentication page ,

 'template' => [
         'tags' => ['kalmar'],
        'authproc.sp' => [
               60 => [ 'class' => 'authorize:Authorize', 'deny' => FALSE, 'regex' => FALSE],
         ],
 ],

[vipul-aistechnolabs]

Please provide any update on this, this is very urgent

[tvdijen]

Hi @vipul-aistechnolabs! You could use the script provided in the bin-directory for that... If you really want to use the url, you could comment this line of code, but that imposes a security risk..

[vipul-aistechnolabs]

Alright great thank you for replying, i will get back to you shortly after implementing this. I agree on security risk part but there is just no other way to refresh metadata frequently, every time i tried it requires authentication, plus that's how clients wanted it using crone job. So i don't how should i do it without breaching any security.

In my project flow there are multiple subdomain and that all connected to one single Microsoft azure portal where I've defined my metadata federation link.

[tvdijen]

But why don't you run the bin-script from a cronjob?

[vipul-aistechnolabs]

Okay i got that but i want to run this only when metadata is expired then only cron will run ? how can i do that ?

[tvdijen]

You can't. That's not how this module is supposed to work..

[thijskh]

For the record, as documented in the module documentation, you do not need to call this URL via cron, but use SimpleSAMLphp's cron module to call it.