Gluu Open Banking Identity Platform

The Gluu Open Banking Identity Platform enables banks to get to market faster by providing a feature and security profile that is purpose-built. The goal is to miminize the technical surface area–to disable all the stuff you don’t need if your goal is open banking.

The platform is based on the Linux Foundation Janssen Project.  As a result, banks always retain the freedom to use the core software and to get the latest security updates. Gluu adds value by packaging the distribution and by adding additional components, like an optional web administration portal.

gluu open banking diagram

Get Started with Open Banking

Gluu’s premier open banking distribution provides the streamlined core to your open banking needs.

Our open banking solution is trimmed down to increase performance and to reduce the security surface area.

You still get the same highly secure quality Gluu software you’ve learned to depend on, and responsive global support when you need it.

Gluu is the obvious choice for your open banking needs, securing your digital transformation 24/7, with support when you need it.

Ready for our premier open banking platform?

OpenID Connect Certified

Pass your audit: FAPI Certified

Gluu is certified to conform with the Financial Grade OpenID Provider profile. Called “FAPI” for short, this profile provides detailed requirements for the security features needed to perform payments and other bank transactions.  Gluu has also submitted many other certifications for both its OpenID Provider and Relying Party software. In fact, Gluu has sumitted more OpenID certification tests then any other vendor.

CIBA Ready for Offline Authentication

CIBA, or “Client Initiated Backchannel Authentication” is an OpenID standard that is used to enable certain out-of-band security use cases, like when a customer speaks with an agent at a call center.  It’s critically important for the agent to verify the identity of the person calling, and CIBA provides a solution to use a mobile device to accomplish this. Gluu is the only open source implemenation to ceritfy against the FAPI CIBA OpenID Provider conformance profile. 

Flexible Consent Management

Banks have different ways they may want to handle the consent flow for a transaction. Gluu provides extreme flexibility. In some cases, banks may want to redirect to an internal consent management application, and hide all personal information from the third party facing OpenID Provider. In other cases, banks may want to utilize the Gluu Server to present a consent journey, integrating with various backend systems. Gluu supports both approaches, enabling a bank’s product team to specify their preference.

Implement OpenID Connect offline access

This scope value requests that an OAuth 2.0 Refresh Token be issued that can be used to obtain an Access Token that grants access to the End-User’s User Info Endpoint even when the End-User is not present (not logged in).

PSD2 Solution

The revised Payment Services Directive (PSD2) allowed ubiquitous financial transactions among EU member countries. Gluu supports strong customer authentication (SCA) methods supporting all modern Multifactor Authentication methods  and is designed to ensure the tokens remain unchanged without prior the knowledge of the payment service. 

Open Banking Certified Client API

Gluu’s client API (oxd) will dynamically register an OpenID Connect client and return an identifier for the application which must be presented in subsequent API calls. Gluu can act as a translation service to ensure your service transactions conform with FAPI-CIBA requirements.

Build a Digital Banking Platform with APIs

Gluu Partners with leading Fintech solution providers empower them to set the new standard when building modern banking mobile applications. By securing their APIs with Gluu’s authentication engine Fintech’s are able to transact confidently with their clients without the need to rip and replace their existing infrastructure. Gluu’s certified FAPI-CIBA conformant solutions are licensed as open source providing maximum flexibility without locking up your data system in a proprietary or legacy technology. Gluu can easily be configured to be scalable for on-premises systems as well as the leverage elastic computing provided by newer, cloud-native technologies. 

System APIs

System APIs abstract data and functionality from core systems into discrete building blocks. System APIs also ensure that data provided aligns to enterprise data models.

Process APIs

Process APIs draw from system APIs to perform processes. Process APIs simplify and automate a workflow by compiling system-level building blocks into a discrete process that come in the form of a composite application.

Experience APIs

From an experience perspective, the reuse of system and process APIs across all channels allows customers to consistently initiate payments through any channel, in any format, and in any currency.


Ready to modernize your customers' engagement?

« »