Instructions to configure a basic identity federation deployment between a Shibboleth IdP and our SP using SAML 2.0 protocol with the SAML2.0 HTTP POST binding.
Installation is not self-serve. To initiate, request support from a PebblePad Integration engineer.
Installation
Our procedure is to first use TAQAS and the test Shibboleth server (shibtest.pebblepad.com). Once the integration is confirmed to work, we provide you with our production metadata and Entity ID.
1. Create test user
We recommend using a test user to check the authentication route. If you have an existing account, use this. If not, please create one.
2. Agree Attributes
Configure your identity provider to release and populate PebblePad on first login, at minimum with a:
- username
- forename
- surname
The specific naming of what to release is dependent on the IdP. The standard Shibboleth attributes for these are:
| Username | Friendly SAML name | eduPersonPrincipalName |
| OID | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | |
| Surname / Family name | Friendly SAML name | sn |
| OID | urn:oid:2.5.4.4 | |
| Forename / Given name | Friendly SAML name | givenName |
| OID | urn:oid:2.5.4.42 | |
| Friendly SAML name | ||
| OID | urn:oid:0.9.2342.19200300.100.1.3 |
3. Add PebblePad Metadata
Add the metadata for our test service provider to your identity provider:
Our Entity ID is:
When moving from TAQAS to production, if you are a member, you can fetch our metadata from:
- UK Federation,
- Australian Access Federation
- SURFconext
Alternatively, we can provide a direct link.
4. Send your Metadata to PebblePad Support
To complete setup of your test environment, please send us a link to your:
- test IdP metadata URL
Once the staging server checks are complete, we will move you to the production server.