Cornelius will give a talk at the ownCloud contributor conference in Berlin on September 11th. Authentication at ownCloud has gone a long way. In version 9.1 finally a new API was introduced to add a second factor.
Although the problem is still, that authentication can not be completely passed to the external authentication system. The user has to provide his ownCloud password first and then will be redirected to a 2nd-Factor-App.
Cornelius is talking about the development of such an app in the new framework and what needs to be done. Finally the privacyIDEA App emerged, which at the moment is only available via NetKnights. This App forwards the credentials of the second factor (usually a one time password) to the privacyIDEA backend.
See you in Berlin!