Yes, the IWA Fail Over To Forms feature slated to release in R12.7 should cover your scenario.
In the meantime, if you want to implement something now to meet your requirements you do not need to use the agent API or write an authentication scheme, you can do it all in JSP/ASP/JavaScript etc.
From my second reply in the conversation: https://communities.ca.com/ideas/113117040 .....
If the real requirement is to let internal user’s login with IWA, but have external users login with HTML Forms Auth, another possible solution you could implement is:
Use HTML Forms Auth as the method protecting the resources, but use a JSP/ASP/PHP/Servlet etc to display the login form, and include logic that tests for the internal IP Addresses you use (192.168.x.x, 10.x.x.x, etc) and if an internal IP address is detected, redirect to a “helper” realm that is protected with IWA, otherwise display the HTML Form Login Page.
The "helper" realm should be protecting a simple redirect script that will redirect the user to their original TARGET resource once the user is authenticated and authorized. Note that this solution does not provide failover if for some reason an internal user fails IWA authentication. If an internal user fails IWA authentication they will be prompted for BASIC auth credentials by their browser.
Rick