In an OpenID Connect (OIDC) flow, there are typically three main roles involved: the Relying Party (RP), the Identity Provider (IdP), and the Service Provider (SP). The RP is the application or service that wants to authenticate a user, while the IdP is responsible for authenticating the user and providing identity information. The SP is the entity that relies on the authentication provided by the IdP.
When configuring a website to allow users to log in using their existing company credentials via an OIDC flow, SAP Customer Data Cloud (CDC) acts as the Identity Provider (IdP). This means that SAP CDC will handle the authentication of users and provide the necessary identity tokens to the website. The website, on the other hand, acts as the Service Provider (SP), relying on SAP CDC to authenticate users.
Option A: Correct. In this scenario, SAP Customer Data Cloud serves as the Identity Provider (IdP), and the website serves as the Service Provider (SP). The website delegates the authentication process to SAP CDC, which verifies the user's credentials and returns the appropriate tokens.
Option B: Incorrect. SAP Customer Data Cloud cannot act as the SP in this context because it is responsible for authenticating users, not consuming authentication from another provider.
Option C: Incorrect. The website cannot act as the OpenID Provider (OP) because it is not responsible for authenticating users. Instead, it relies on SAP CDC for authentication.
Option D: Incorrect. The website cannot act as the Identity Provider (IdP) because it does not manage user identities or credentials; SAP CDC does.