defender

Defender uses a PAM module to protect Linux authentications. The authentication for the Apache server would have to use the pam stack. You can read more about Defender and the PAM module here.

Defender 6.1 - Administration Guide (oneidentity.com)

Unfortunately, it does not have a specific Apache plugin. 

But please there is no other oneidentity solution I can integrate with Defender to protect  Linux Apache server.

One of our client want to protect his web application login using 2FA

Defender also acts as a Radius server. If Apache authentication could be set up to use Radius that could like be used. Basically, anything that can use Radius in a standard way can work with Defender. 

I have not set it up however but might be worth looking at. 

I implemented my radius using mod_radius_auth.

When I define on my DFS to use AD password It work fine.but concerning using token it does not work.

How should I procceed??