Secure Assertion Markup Language (SAML) is a protocol specified by OASIS. It is used to authenticate and authorize users across network borders. The user authenticates once against an identity provider. After this he can use all SAML services, that trust this one identity provider (Single Sign On).
There are a few free implementations of this protocol. There is a privacyIDEA plugin for SimpleSAMLphp so that you can do two factor authentication with SAML. SimpleSAMLphp with the privacyIDEA plugin is also integrated in the Univention Corporate Server.