We ended up using a combination of Yubikey and AuthLite - works great for anything you need to authenticate. AuthLite integrates with AD and the YubiKey code ends up being the "username" and you enter your password. Since it's all just keyboard input, works fine locally and remote. No need to integrate any authentication protocols between the systems, all that magic happens on the backend.
Customer support service by UserEcho