Spread authentication protocol that supports multi-factor authentication

Let's suppose that I have authentication infrastructure that provides multi-factor authentication. I want to create a service which will authenticate users for some clients. Clients have different web servers like Apache, jBoss, TomCat, WebLogic, IIS 7.0, and some other.

I need to insert an existing java front-end into my infrastructure based on some authentication protocol to interact with my clients' servers. The requirements are: existing solutions for clients' servers that will need minimal changes and settings at client side.

Upd1 : Interaction between font-end and clients' servers should be secure, based on shared secret.

Upd2 : The client's user shouldn't know anythi开发者_StackOverflowng about my service.

Please ask for more details...

Sounds like you do indeed need a SAML IDP which enforces multi factor authentication. SAML is supported across platforms (Java, Spring Security, PHP and .NET come to mind). If you're looking for a hosted solution check out our Cloudseal platform. If you want an open source solution you may want to look at CAS, although you will have to code your own integration with a multi factor authenticaton system.