Sandy,
Thank you. I forgot to come back to this and add our solution, as suggested by Pete Burant of CA Support.
We have an aspx page that collects credentials as IWA would and examines the domain. Based upon the domain, it sends them to a protected resource that uses the correct authentication scheme to get them logged in. The resource takes the target (sent from the selector page) and decodes it, forwarding them back to their starting point.
We had to use a small group for testing, but it is working well. We are working to expand the test group.