The eIAM WSG (web service gateway) can be used to protect SOAP-based web services effectively from unauthorised access. In the eIAM access manager, customers themselves manage the technical users and their permissions in the same way as their web applications. The information on the identity of the accessing subject (technical user) and his/her permissions in the eIAM access manager are transmitted to the web service using standardised SAML 2.0 tokens in either the SOAP header or an HTTP header. One eIAM WSG is required for each web service that is to be protected.
