An organization is improving its web services to enable better customer engagement and self-service. The organization has a native mobile application and a rewards portal provided by a third party. The business wants to provide customers with the ability to log in once and have SSO between each of the applications.
The integrity of the identity is important so it can be propagated through to back-end systems to maintain a consistent audit trail. Which of the following authentication and authorization types BEST meet the requirements? (Choose two.)
A. SAML
B. Social login
C. OpenID connect
D. XACML
E. SPML
F. OAuth
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
Maybe: OpenID connect, OAuth ? Or maybe Social login?
Requirements:
– SSO for customers
OpenID Connect can do SSO authentication and authorization for *consumer* needs as opposed to SAML which is enterprise-centric
– work with mobile application
OAuth allows an *application* (i.e. mobile app) to access a user’s data without the user needing to share login credentials work with 3rd party rewards portal
OAuth allows a third-party website to access a user’s data without the user needing to share login credentials get feedback data
Social Login might be able to provide feedback data which the company is looking for
– maintain audit trail
Would Social Login do this any better than the other choices?
OAuth Service is an open standard protocol for account authorization and authentication.
A C
SAML or OpenID Connect – OAuth is authentication only, used for delegated access.
Agree. AC