Yep, it is allowed.
See what specification says (p.113-114):
The auth-methodType is used to configure the authentication
mechanism for the web application. As a prerequisite to
gaining access to any web resources which are protected by
an authorization constraint, a user must have authenticated
using the configured mechanism. Legal values are "BASIC",
"DIGEST", "FORM", "CLIENT-CERT", or a vendor-specific
authentication scheme.
P.S. You will not see any vendor-specific questions on SCWCD exam. Just remember 4 standard values.
regards,
MZ