If you want to connect an Identity Provider, or a Service Provider to a **federation**, you need to setup metadata for the entries that you trust. In many federations, in particular federations based upon the Shibboleth software, it is normal to setup automated distribution of metadata using the SAML 2.0 Metadata XML Format.
The `-s` option sends the output to the console (for testing purposes). If the output makes sense, continue. If you get a lot of error messages, try to read them and fix the problems that might be causing them. If you are having problems and you can't figure out the cause, you can always send an e-mail to the simpleSAMLphp mailing list and ask for advice.
Bear in mind that the key is used as a security feature, to restrict access to your cron. Therefore, you need to make sure that the string here is a random key available to no one but you. Additionally, make sure that you include here the appropriate tags that you previously told metarefresh
to use in the `cron` directive.
Next, use your web browser to go to `https://YOUR_SERVER/simplesaml/module.php/cron/croninfo.php`. Make sure to properly set your server's address, as well as use HTTP or HTTPS accordingly, and also to specify the correct path to the root of your simpleSAMLphp installation.
Finally, add it to your crontab by going back to the terminal, and editing with:
[root@simplesamlphp config]# crontab -e
This will open up your favourite editor. If an editor different than the one you use normally appears, exit, and configure the `EDITOR` variable
to tell the command line which editor it should use:
[root@simplesamlphp config]# export EDITOR=emacs
If you want to force the metadata to be refreshed manually, you can do so by going back to the cron page in the web interface. Then, just follow
the appropriate links to execute the cron jobs you want. The page will take a while loading, and eventually show a blank page. It is so because
the commands are intended to be run from cron, and therefore they produce no output. If this operation seems to run fine, navigate to the **SimpleSAMLphp Front page** › **Federation**. Here you will see a list of all the Identity Providers trusted. They will be listed with information about the maximum duration of their cached version, such as *(expires in 96.0 hours)*.
SAML metadata may supply a `cacheDuration` attribute which indicates the maximum time to keep metadata cached. Because this module is run from cron, it cannot decide how often it is run and enforce this duration on its own. Make sure to run metarefresh from cron at least as often as the shortest `cacheDuration` in your metadata sources.