CareOnMFA - Multi-Factor Authentication Proxy
CareOnMFA is an LDAP proxy endpoint that provides enhanced security through multi-factor authentication (MFA) for Netcare's authentication infrastructure. The system acts as an intelligent intermediary between client applications and the Netcare LDAP directory, adding an additional layer of security verification when required.
How It Works
CareOnMFA operates as a transparent proxy that:
- Receives authentication requests from client applications via standard LDAP protocols (search and bind operations)
- Evaluates authentication requirements by checking user attributes and prescription rights in the Oracle database to determine if additional verification is needed
- Performs selective MFA verification through integration with Netcare's AES (Authentication & Enhancement System) using the Trust Factory framework
- Routes authenticated requests to the downstream LDAP servers once verification is complete
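The bind flow described above, sketched in Python as an added example; it is not CareOnMFA's own code. The class, the injected callables, the session key, the TTL and the audit event names are all hypothetical, and the fail-closed handling of lookup and AES errors is an assumption about how such a proxy should behave.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

SESSION_TTL = 300  # seconds a completed MFA check is reused (assumed value)

@dataclass
class MfaProxy:
    # Hypothetical stand-ins, injected so the flow runs offline.
    has_prescription_rights: Callable[[str], bool]  # Oracle rights lookup
    aes_verify: Callable[[str], bool]               # AES API verification
    downstream_bind: Callable[[str, str], bool]     # bind on downstream LDAP
    clock: Callable[[], float] = time.time
    # Stands in for Redis; keyed on (DN, client address) so an MFA pass
    # from one client is not reused from another (assumed design).
    sessions: Dict[Tuple[str, str], float] = field(default_factory=dict)
    # Stands in for the PostgreSQL audit log.
    audit: List[Tuple[str, str]] = field(default_factory=list)

    def _log(self, dn: str, event: str) -> None:
        self.audit.append((dn, event))

    def _mfa_required(self, dn: str) -> bool:
        try:
            return self.has_prescription_rights(dn)
        except Exception:
            # Fail closed: an unavailable rights lookup means MFA is required.
            self._log(dn, "rights_lookup_failed")
            return True

    def _mfa_ok(self, dn: str, client: str) -> bool:
        if self.sessions.get((dn, client), 0.0) > self.clock():
            self._log(dn, "mfa_session_reused")
            return True
        try:
            verified = self.aes_verify(dn)
        except Exception:
            verified = False  # an AES outage must not become a bypass
        self._log(dn, "mfa_passed" if verified else "mfa_failed")
        if verified:
            self.sessions[(dn, client)] = self.clock() + SESSION_TTL
        return verified

    def handle_bind(self, dn: str, password: str, client: str) -> bool:
        if self._mfa_required(dn) and not self._mfa_ok(dn, client):
            self._log(dn, "bind_denied")
            return False
        ok = self.downstream_bind(dn, password)
        self._log(dn, "bind_ok" if ok else "bind_rejected")
        return ok
```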
Key Features
- API-Based Verification: Unlike traditional MFA systems that use SMS or authenticator apps, CareOnMFA uses external API-based verification through the AES system
- Selective Authentication: Not all users require MFA - the system intelligently determines requirements based on user roles and prescription capabilities
- Trust Factory Integration: Uses Netcare's trust factory system to identify which users need enhanced authentication
- High Availability: Designed to work seamlessly with LDAP cluster infrastructure (ncdcnsldap01/ncdcnsldap02)
- Comprehensive Logging: All authentication attempts are logged to PostgreSQL for audit and monitoring purposes
- Session Management: Uses Redis for efficient session tracking and caching
Technical Components
- LDAP Proxy Server: Handles standard LDAP search and bind operations
- Oracle Database Integration: Queries employee prescription rights
- PostgreSQL Logging: Comprehensive audit trail of all authentication events
- Redis Cache: Fast session management and state tracking
- AES API Integration: Real-time verification with Netcare's Authentication & Enhancement System
Use Cases
CareOnMFA is primarily used for:
- Healthcare professionals requiring access to prescription systems
- Users with elevated privileges in clinical applications
- Any authentication scenario where additional verification is mandated by security policy