This is my first post so apologies if the question has landed in the wrong forum and/or is too trivial.

I am trying to integrate a two factor authentication solution with a mail server that is hosted on Apache Tomcat. Right now the app is using form based authentication and the user enters his User name and password and is authenticated against openLDAP as back end.

What we want is the following -

1). User enters his Un and PWD
2). The request is "intercepted" and put on "hold"
3). A one time pwd (OTP) is generated and sent as SMS to the user.
4). The user sees a new page with a box to enter that OTP.
5). The user enters his/her OTP sent as SMS
6). The OTP is verified and if true the "held" request in step "2" is forwarded for further authentication

The trouble is that I have no access to source code of teh mail server app.

I can achieve something very similar in IIS(microsoft) using an ISAPI filter but need to know how to achieve this in Apache?

I am looking on the lines of Valve/Filter and SAML but have no clue how and where to progress?

Any help is hugely appreciated.