Gluu Open Banking Identity Platform

Your Infrastructure. Your Security Policies.

FAPI and CIBA Certified

To comply with Open Banking regulatory requirements, banks must quickly launch a certified financial grade OpenID Provider.  Gluu’s solution provides both the functional and operating components to deploy on any cloud.  As a standards-based solution, it can work with any Open Banking API platform or gateway, and any existing customer authentication infrastructure. 

Gluu’s Open Banking Platform enables compliance with new standards required by regulators to secure financial APIs. Banks can also use Gluu software to implement Secure Customer Authentication (“SCA”).

Banks can launch a modern, elastic, multi-cloud digital identity infrastructure that is unique when compared to existing self-hosted monolithic offerings and is innovating to meet tomorrow’s requirements. 

Get Started with Open Banking

Gluu’s open banking distribution provides the streamlined core to your open banking needs.

Our open banking solution is trimmed down to increase performance and reduce the security surface area.

Gluu is the premier choice for your open banking needs, securing your digital transformation 24/7, with support when you need it.

gluu open banking diagram

OpenID Connect Certified

Pass your audit: FAPI Certified

Gluu is certified to conform with the Financial Grade OpenID Provider profile. Called “FAPI” for short, this profile provides detailed requirements for the security features needed to perform payments and other bank transactions.  Gluu has also submitted many other certifications for both its OpenID Provider and Relying Party software. In fact, Gluu has submitted more OpenID certification tests than any other vendor.

CIBA Ready for Offline Authentication

CIBA, or “Client Initiated Backchannel Authentication” is an OpenID standard that is used to enable certain out-of-band security use cases, like when a customer speaks with an agent at a call center.  It’s critically important for the agent to verify the identity of the person calling, and CIBA provides a solution to use a mobile device to accomplish this. Gluu is the only open-source implementation to certify against the FAPI CIBA OpenID Provider conformance profile. 

Flexible Consent Management

Banks have different ways they may want to handle the consent flow for a transaction. Gluu provides extreme flexibility. In some cases, banks may want to redirect to an internal consent management application and hide all personal information from the third party facing OpenID Provider. In other cases, banks may want to utilize the Gluu Server to present a consent journey, integrating with various backend systems. Gluu supports both approaches, enabling a bank’s product team to specify their preference.

Implement OpenID Connect offline access

This scope value requests that an OAuth 2.0 Refresh Token be issued that can be used to obtain an Access Token that grants access to the End-User’s User Info Endpoint even when the End-User is not present (not logged in).

PSD2 Solution

The revised Payment Services Directive (PSD2) allowed ubiquitous financial transactions among EU member countries. Gluu supports strong customer authentication (SCA) methods supporting all modern Multifactor Authentication methods and is designed to ensure the tokens remain unchanged without prior knowledge of the payment service. 

Open Banking Certified Client API

Gluu’s client API (oxd) will dynamically register an OpenID Connect client and return an identifier for the application which must be presented in subsequent API calls. Gluu can act as a translation service to ensure your service transactions conform with FAPI-CIBA requirements.


Pushed Authorization Requests-PAR

PAR is handled by an additional endpoint of the Authorization Server (AS). Clients POST their authorization parameters to this endpoint, in return the clients get a reference (named as request URI value) that will be used in further authorization requests by the client. PAR enables the OAuth clients to push the payload of an authorization request directly to the authorization server in exchange for a request URI value. This request URI value is used as a reference to the authorization request payload data in a subsequent call to the authorization endpoint. We can set different PAR lifetimes for different clients. 

JWT Secured Authorization Response Mode-JARM

This is a new JWT-based response mode to encode authorization responses known as JARM, (see Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0). Here clients are enabled to request the transmission of the authorization response parameters along with additional data in JWT format. This mechanism enhances the security of the standard authorization response since it adds support for signing and encryption, sender authentication, and audience restriction. It also provides protection from replay, credential leakage, and mix-up attacks. It can be combined with any response type.

Build a Digital Banking Platform with APIs

Gluu Partners with leading Fintech solution providers to empower them to set the new standard when building modern banking mobile applications. By securing their APIs with Gluu’s authentication engine Fintechs can transact confidently with their clients without the need to rip and replace their existing infrastructure. Gluu’s certified FAPI-CIBA conformant solutions are licensed as open-source providing maximum flexibility without locking up your data system in a proprietary or legacy technology. Gluu can easily be configured to be scalable for on-premises systems as well as leverage elastic computing provided by newer, cloud-native technologies. 

Download VM or Cloud!

The Open Banking distribution is open source. If you love Kubernetes and Linux containers, you can try either the Cloud Native distribution

You can configure the Gluu Open Banking Identity Platform to satisfy several use cases: Authorization, Identity, Mobile push notifications (CIBA), and Dynamic Client Registration.

Dynamic Client Registration

One of the challenges of many banking ecosystems is scaling trust management–which clients are authorized to call your bank’s new open APIs? The Gluu Open Banking Identity Platform gives you the ability to validate software statement JWTs issued by a banking ecosystem operator. You have quite a bit of flexibility to integrate with internal systems for provisioning, intrusion detection, or audit.

Security Minimization

In an Open Banking ecosystem, where the OpenID Provider is registering and issuing tokens to third parties, it’s essential to minimize services and software. Any software running on the Authorization Server that is not essential is a liability. The Open Banking Distribution has a special security profile that maximizes the operational security readiness to improve its security posture.

Be ready for new open banking requirements

« »