Episode 63 — Federation Basics: SAML and OIDC

This episode explains federated authentication so SSO scenarios become straightforward rather than confusing acronym puzzles. You'll learn the core roles in federation: an identity provider (IdP) authenticates the user, and a service provider (SP, called the relying party in OIDC) consumes the claims it trusts to grant access. You'll see how SAML assertions and OIDC tokens carry identity attributes, group memberships, and authorization context, how trust is established through configuration and signing-key validation, how misconfiguration can cause a service provider to accept claims it should reject, and how redirect and callback flows can leak or mishandle tokens when controls are weak. You'll practice scenario reasoning: a token with the wrong audience claim still grants access, role mapping is overly broad, or validation differs between applications. For each, you'll decide the most likely root cause and the control that would reduce the risk. By the end, you'll be able to distinguish federation from local sessions, explain the failure in plain language, and recommend mitigations such as strict validation of signature, issuer, audience, and expiry, least-privilege claim mapping, and secure default configurations.

Produced by BareMetalCyber.com, where you'll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use and a daily podcast you can commute with.
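The "wrong audience claim still grants access" scenario, as an added example that is not part of the episode or of any BareMetalCyber material. It is a toy HS256 JWT issuer with two verifiers: a lax one that only checks the signature and honours whatever algorithm the token names, and a strict one that pins the algorithm and checks signature, issuer, audience, and time window. The issuer URL, client IDs, signing key, and user names are constructed for the demo and assumed, not taken from any real deployment; a production relying party would use a vetted library and asymmetric keys from the IdP's published JWKS rather than a shared secret.

```python
"""Added example, not from the episode: a toy HS256 JWT issuer plus a lax and a
strict verifier, showing how a token the IdP minted for a different service
provider is still accepted when audience validation is skipped."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed, hypothetical setup: one IdP whose HS256 key is shared by several
# service providers (a common shortcut). Names and key are made up for the demo.
IDP_ISSUER = "https://idp.example.test"
IDP_KEY = b"constructed-demo-secret-do-not-reuse"
THIS_SP_CLIENT_ID = "portal-app"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(key: bytes, claims: dict, alg: str = "HS256") -> str:
    """Plays the IdP: builds header.payload.signature (or an unsigned alg=none token)."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    if alg == "none":
        return signing_input + "."
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_lax(token: str, key: bytes) -> Optional[dict]:
    """Weak verifier: honours whatever alg the token names and checks no claims.
    Returns the claims it would grant access on, or None."""
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(head_b64))
    claims = json.loads(_b64url_decode(body_b64))
    if header.get("alg") == "none":
        return claims                      # accepts an unsigned token
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    return claims                          # never looks at iss, aud, exp


def verify_strict(token: str, key: bytes, issuer: str, audience: str,
                  now: Optional[int] = None) -> dict:
    """Strict verifier: pinned algorithm, signature, issuer, audience, time window.
    Raises ValueError with the reason rather than returning partial trust."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head_b64, body_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(head_b64))
    if header.get("alg") != "HS256":       # pin the algorithm; never trust the token's choice
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")                # aud may be a string or a list per RFC 7519
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was not issued for this service provider")
    if "exp" not in claims or now >= int(claims["exp"]):
        raise ValueError("expired or missing exp")
    if now < int(claims.get("nbf", 0)):
        raise ValueError("not yet valid")
    return claims


def _strict_accepts(token: str, now: int) -> bool:
    try:
        verify_strict(token, IDP_KEY, IDP_ISSUER, THIS_SP_CLIENT_ID, now)
        return True
    except ValueError:
        return False


def demo(now: int = 1_700_000_000) -> dict:
    """Runs three tokens through both verifiers; returns {name: {"lax": bool, "strict": bool}}."""
    base = {"iss": IDP_ISSUER, "sub": "alice", "iat": now, "exp": now + 300}
    tokens = {
        "for_this_sp": mint_token(IDP_KEY, {**base, "aud": THIS_SP_CLIENT_ID}),
        "for_other_sp": mint_token(IDP_KEY, {**base, "aud": "billing-app"}),  # same IdP, wrong audience
        "unsigned": mint_token(IDP_KEY, {**base, "aud": THIS_SP_CLIENT_ID, "sub": "mallory"}, alg="none"),
    }
    return {name: {"lax": verify_lax(tok, IDP_KEY) is not None, "strict": _strict_accepts(tok, now)}
            for name, tok in tokens.items()}


if __name__ == "__main__":
    for name, outcome in demo().items():
        lax = "ACCEPT" if outcome["lax"] else "reject"
        strict = "ACCEPT" if outcome["strict"] else "reject"
        print(f"{name:13} lax={lax}  strict={strict}")
```

The lax verifier accepts all three tokens, including the one the IdP issued for "billing-app" and the unsigned one, because a valid signature from a trusted IdP says only that the IdP produced the token, not that it was meant for this service provider. The strict verifier accepts only the token whose audience names this client, which is the least-privilege outcome the episode recommends.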