Gluu Open Banking and PSD2
The Gluu Open Banking Identity Platform enables banks to get to market faster by providing a purpose-built feature and security profile. The goal is to minimize the technical surface area: disable everything you don't need if your goal is open banking.
The platform is based on the Linux Foundation Janssen Project. As a result, banks always retain the freedom to use the core software and to get the latest security updates. Gluu adds value by packaging the distribution and by adding additional components, like an optional web administration portal.
Get Started with Open Banking
Gluu's premier open banking distribution provides the streamlined core for your open banking needs.
Our open banking solution is trimmed down to increase performance and reduce the security surface area.
You still get the same high-quality, secure Gluu software you've learned to depend on, and responsive global support when you need it.
Gluu is the obvious choice for your open banking needs, securing your digital transformation 24/7, with support when you need it.
Ready for our premier open banking platform?
OpenID Connect Certified
Pass your audit: FAPI Certified
Gluu is certified to conform with the Financial Grade OpenID Provider profile. Called “FAPI” for short, this profile provides detailed requirements for the security features needed to perform payments and other bank transactions. Gluu has also submitted many other certifications for both its OpenID Provider and Relying Party software. In fact, Gluu has submitted more OpenID certification tests than any other vendor.
CIBA Ready for Offline Authentication
CIBA, or “Client Initiated Backchannel Authentication” is an OpenID standard that is used to enable certain out-of-band security use cases, like when a customer speaks with an agent at a call center. It’s critically important for the agent to verify the identity of the person calling, and CIBA provides a solution to use a mobile device to accomplish this. Gluu is the only open-source implementation to certify against the FAPI CIBA OpenID Provider conformance profile.
Flexible Consent Management
Banks have different ways they may want to handle the consent flow for a transaction. Gluu provides extreme flexibility. In some cases, banks may want to redirect to an internal consent management application and hide all personal information from the third party facing OpenID Provider. In other cases, banks may want to utilize the Gluu Server to present a consent journey, integrating with various backend systems. Gluu supports both approaches, enabling a bank’s product team to specify their preference.
Implement OpenID Connect offline access
This scope value requests that an OAuth 2.0 Refresh Token be issued that can be used to obtain an Access Token that grants access to the End-User’s User Info Endpoint even when the End-User is not present (not logged in).
The revised Payment Services Directive (PSD2) enabled ubiquitous financial transactions among EU member countries. Gluu supports strong customer authentication (SCA) with all modern multi-factor authentication methods and is designed to ensure the tokens remain unchanged without prior knowledge of the payment service.
Open Banking Certified Client API
Gluu’s client API (oxd) will dynamically register an OpenID Connect client and return an identifier for the application which must be presented in subsequent API calls. Gluu can act as a translation service to ensure your service transactions conform with FAPI-CIBA requirements.
PAR and JARM
Pushed Authorization Requests (PAR)
PAR is handled by an additional endpoint of the Authorization Server (AS). Clients POST their authorization parameters to this endpoint and receive in return a reference, the request_uri value, which they present in the subsequent authorization request. In other words, PAR lets an OAuth client push the payload of an authorization request directly to the authorization server in exchange for a request URI value, and that value then stands in for the payload in the call to the authorization endpoint. Different PAR lifetimes can be set for different clients.
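The exchange described above, as an added example that is not Gluu or Janssen code: a toy authorization server with a PAR endpoint that authenticates the client, stores the pushed payload under a URN-form request_uri, applies a per-client lifetime, and enforces single use and client binding when the request_uri comes back to the authorization endpoint. Client names, URLs and the 30-second lifetime are constructed for the demonstration; the clock is injectable so expiry can be exercised without waiting.

```python
import secrets
import time
from dataclasses import dataclass

# RFC 9126 recommends this URN form for request_uri values issued by the AS.
REQUEST_URI_PREFIX = "urn:ietf:params:oauth:request_uri:"


@dataclass
class PushedRequest:
    client_id: str      # client that pushed the payload; the request_uri is bound to it
    params: dict        # the authorization parameters that were pushed
    expires_at: float   # absolute expiry derived from the per-client PAR lifetime
    used: bool = False  # request URIs are single-use


class ParAuthorizationServer:
    """Toy AS with a PAR endpoint and per-client request_uri lifetimes (hypothetical, not Gluu code)."""

    def __init__(self, default_lifetime=60, clock=time.time):
        self.default_lifetime = default_lifetime
        self.lifetimes = {}   # client_id -> PAR lifetime in seconds
        self.pushed = {}      # request_uri -> PushedRequest
        self.clock = clock    # injectable so expiry can be exercised deterministically

    def set_par_lifetime(self, client_id, seconds):
        self.lifetimes[client_id] = seconds

    def par_endpoint(self, client_id, client_authenticated, params):
        """Handle POST to the PAR endpoint. Returns (http_status, json_body)."""
        if not client_authenticated:  # confidential clients must authenticate to push
            return 401, {"error": "invalid_client"}
        if "request_uri" in params:   # a pushed payload may not itself carry a request_uri
            return 400, {"error": "invalid_request", "error_description": "request_uri not allowed"}
        if params.get("client_id") != client_id:  # payload must belong to the authenticated client
            return 400, {"error": "invalid_request", "error_description": "client_id mismatch"}
        for name in ("response_type", "redirect_uri"):
            if name not in params:
                return 400, {"error": "invalid_request", "error_description": f"missing {name}"}
        ttl = self.lifetimes.get(client_id, self.default_lifetime)
        request_uri = REQUEST_URI_PREFIX + secrets.token_urlsafe(32)
        self.pushed[request_uri] = PushedRequest(client_id, dict(params), self.clock() + ttl)
        return 201, {"request_uri": request_uri, "expires_in": ttl}

    def authorization_endpoint(self, client_id, request_uri):
        """Handle GET /authorize?client_id=...&request_uri=... . Returns (http_status, body)."""
        entry = self.pushed.get(request_uri)
        if entry is None or entry.client_id != client_id:
            return 400, {"error": "invalid_request", "error_description": "unknown request_uri"}
        if entry.used:
            return 400, {"error": "invalid_request", "error_description": "request_uri already used"}
        if self.clock() > entry.expires_at:
            del self.pushed[request_uri]
            return 400, {"error": "invalid_request", "error_description": "request_uri expired"}
        entry.used = True
        # End-user authentication and consent would happen here; the code is then bound to
        # the parameters the client pushed over an authenticated channel, not to anything
        # a browser could have altered in a front-channel query string.
        code = secrets.token_urlsafe(24)
        return 302, {"redirect_uri": entry.params["redirect_uri"],
                     "code": code, "state": entry.params.get("state")}


def demo():
    """Walk through push, use, reuse and expiry with a controllable clock (constructed data)."""
    clock = [1_700_000_000.0]
    server = ParAuthorizationServer(default_lifetime=60, clock=lambda: clock[0])
    server.set_par_lifetime("mobile-banking-app", 30)  # shorter lifetime for this client
    pushed = {"client_id": "mobile-banking-app", "response_type": "code",
              "redirect_uri": "https://app.example-bank.test/cb",
              "scope": "openid accounts", "state": "xyz"}
    status, body = server.par_endpoint("mobile-banking-app", True, pushed)
    first = server.authorization_endpoint("mobile-banking-app", body["request_uri"])
    second = server.authorization_endpoint("mobile-banking-app", body["request_uri"])
    status2, body2 = server.par_endpoint("mobile-banking-app", True, pushed)
    clock[0] += 31  # past the 30 s lifetime configured for this client
    late = server.authorization_endpoint("mobile-banking-app", body2["request_uri"])
    return {"push": (status, body["expires_in"]), "first": first[0],
            "reuse": second[0], "late": late[0]}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the push accepted with the 30-second lifetime, the first authorization request succeeding, the replayed request_uri rejected, and a fresh one rejected once the clock passes its lifetime. The short, per-client lifetime is the knob the page refers to; a short window limits how long a captured request_uri stays useful.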
JWT Secured Authorization Response Mode (JARM)
JARM is a JWT-based response mode for encoding authorization responses (see Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0). It lets clients request that the authorization response parameters, together with additional data, be transmitted in JWT format. This enhances the security of the standard authorization response by adding support for signing and encryption, sender authentication, and audience restriction, and it provides protection from replay, credential leakage, and mix-up attacks. It can be combined with any response type.
Build a Digital Banking Platform with APIs
Gluu partners with leading fintech solution providers to empower them to set the new standard when building modern banking mobile applications. By securing their APIs with Gluu's authentication engine, fintechs are able to transact confidently with their clients without the need to rip and replace their existing infrastructure. Gluu's certified FAPI-CIBA conformant solutions are licensed as open source, providing maximum flexibility without locking your data up in a proprietary or legacy technology. Gluu can be configured to scale on premises as well as to leverage the elastic computing provided by newer, cloud-native technologies.
Download VM or Cloud!
The Open Banking distribution is open source. If you love Kubernetes and Linux containers, try the Cloud Native distribution. If you just want to test, the VM distribution may be easier. You can configure the Gluu Open Banking Identity Platform to satisfy several use cases: authorization, identity, mobile push notifications (CIBA), and dynamic client registration.
Dynamic Client Registration
One of the challenges of many banking ecosystems is scaling trust management: which clients are authorized to call your bank's new open APIs? The Gluu Open Banking Identity Platform gives you the ability to validate software statement JWTs issued by a banking ecosystem operator, and you have considerable flexibility to integrate with internal systems for provisioning, intrusion detection, or audit.
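An added example serving both the JARM section above and the software statement validation just described; it is not Gluu or Janssen code. One small stdlib JWT helper is shared by both halves: the authorization server wraps its authorization response in a signed JWT with iss, aud and exp, and the client verifies signature, issuer, audience, expiry and state before trusting the code inside (the issuer check is what defeats mix-up attacks, aud gives audience restriction, exp bounds replay). The same verifier then checks an ecosystem operator's software statement during dynamic client registration and refuses any redirect_uri the statement does not permit. HS256 with shared secrets is a simplification; a real deployment signs with asymmetric keys published at a jwks_uri, and the issuer URLs, secrets and claim name software_redirect_uris are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Hypothetical issuer identifiers for this example; not Gluu or any real ecosystem.
AS_ISSUER = "https://as.example-bank.test"
OPERATOR_ISSUER = "https://directory.example-ecosystem.test"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_sign(claims: dict, key: bytes) -> str:
    """Compact JWS, HS256 only (simplification: real deployments use asymmetric keys)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(mac)}"


def jwt_verify(token: str, key: bytes, issuer: str, audience, now: float) -> dict:
    """Verify signature, then iss, aud and exp. Raises ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    head, body, sig = parts
    if json.loads(_b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the verifier, not the token, decides the algorithm
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")  # the check that defeats mix-up attacks
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if audience is not None and audience not in aud:
        raise ValueError("audience mismatch")
    if now >= claims.get("exp", 0):
        raise ValueError("expired")  # bounds the replay window
    return claims


# --- JARM: the AS wraps the authorization response in a JWT, the client verifies it ---

def build_jarm_response(as_key: bytes, client_id: str, code: str, state: str,
                        now: float, lifetime: int = 60) -> str:
    """AS side: response_mode=jwt; the JWT carries code and state plus iss, aud, exp."""
    claims = {"iss": AS_ISSUER, "aud": client_id, "exp": int(now + lifetime),
              "code": code, "state": state}
    return jwt_sign(claims, as_key)


def client_consume_jarm(response_jwt: str, as_key: bytes, client_id: str,
                        expected_state: str, now: float) -> str:
    """Client side: verify the response JWT before trusting any parameter inside it."""
    claims = jwt_verify(response_jwt, as_key, AS_ISSUER, client_id, now)
    if claims.get("state") != expected_state:
        raise ValueError("state mismatch")
    return claims["code"]


# --- Dynamic client registration gated on an operator-issued software statement ---

def validate_software_statement(ssa: str, operator_key: bytes,
                                registration_request: dict, now: float) -> dict:
    """AS side: register only software the ecosystem operator vouches for, and only
    with redirect_uris the statement permits (claim name is an assumption)."""
    claims = jwt_verify(ssa, operator_key, OPERATOR_ISSUER, None, now)  # no aud in this SSA (assumed)
    requested = set(registration_request.get("redirect_uris", []))
    allowed = set(claims.get("software_redirect_uris", []))
    if not requested or not requested <= allowed:
        raise ValueError("redirect_uris not permitted by software statement")
    return {"client_id": "c-" + secrets.token_hex(8),
            "software_id": claims["software_id"],
            "redirect_uris": sorted(requested)}


if __name__ == "__main__":
    now = time.time()
    as_key, op_key = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed secrets
    ssa = jwt_sign({"iss": OPERATOR_ISSUER, "exp": int(now + 3600), "software_id": "tpp-sw-1",
                    "software_redirect_uris": ["https://tpp.example.test/cb"]}, op_key)
    reg = validate_software_statement(ssa, op_key, {"redirect_uris": ["https://tpp.example.test/cb"]}, now)
    jarm = build_jarm_response(as_key, reg["client_id"], "auth-code-1", "state-1", now)
    print(reg["client_id"], client_consume_jarm(jarm, as_key, reg["client_id"], "state-1", now))
```

Because the response is a JWT rather than bare query parameters, a client that follows the verification order above (signature first, then iss, aud, exp, state) cannot be tricked into sending a code it received from one issuer to another, and a response captured by a third party is rejected both as the wrong audience and once its short lifetime has passed. Swapping `jwt_sign`/`jwt_verify` for an asymmetric JWS library leaves the rest of the logic unchanged.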
In an Open Banking ecosystem, where the OpenID Provider registers and issues tokens to third parties, it's essential to minimize services and software. Any software running on the Authorization Server that is not essential is a liability. The Open Banking Distribution therefore ships a special security profile that improves operational security readiness and overall security posture.