Develop a custom Authentication Handler for CAS to enable Multi-factor authentication.
CAS server code is by default configured to run the SimpleTestUsernamePasswordAuthenticationHandler. This handler just checks the username is same as the password to authenticate. This does not require any prior storage for username and password ( ex:username and password stored in a database). This logic implemention can be located in the server code (version 18.104.22.168) at org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler.java.
This has been configured in the deployerConfigContext.xml file. So in order to have your own authentication handler, just Change the handler definition in this xml file to the location where we have defined your new logic.
Building the new war file with Maven
Maven is a Apache build manager for Java projects. Once we have changed the source code, we need to build the new war file reflecting the changes. This is done by using the maven. Go through the follwing link from jasig site for building the new war file. This link also dicusses how to change the default authentication handler to a another simple authentacation logic which is readily provided along with the server code.
The idea for multi-factor authentication is to develop a one-time passcode by an external application and use it along with the password for authentication. The external application would be mobile application which runs on mobile phone. This method is called as mobile-OTP.
Configuring 1st factor of authentication
This can be done by database with JDBC for mysql (or any other) database system. The handler for supporting JDBC is already provided in the CAS server code as jar file. Then the CAS server should be configured to use this handler. This configuration process is similar to the steps discussed in previous post. Follow this link for JDBC configuration for CAS https://wiki.jasig.org/display/CAS/Examples+to+Configure+CAS
Additional steps to be carried out if you run into issues by following the above link
JDBC configuration for CAS is successful!