Explore a comprehensive analysis of Federated Login CSRF vulnerabilities in this 30-minute conference talk from AppSecUSA 2017. Delve into the concept of Login CSRF and its application to federated identity systems using OpenID Connect and OAuth 2.0. Examine the conditions that can lead to Federated Login CSRF, potential risks, and effective mitigation strategies. Learn from Microsoft Senior Security Engineer Murali Vadakke Puthanveetil as he walks through the intricacies of this security issue, including a detailed breakdown of OAuth Code Grant Flow, OpenID Connect login flow, and the importance of recommended parameters. Gain valuable insights into attack configurations, data flow sequences, and practical demonstrations. Understand how to implement robust security measures, such as implementing a second consent dialog before linking identities, to protect against these sophisticated attacks in federated login systems.