Yes, we did get this going.
We ended up editing the web.xml file for OpenSSO, and added an error-page
<error-page>
<error-code>401</error-code>
<location>/errors/401.jsp</location>
</error-page>
In the 401.jsp there's a response.addHeader("Www-Authenticate", "Negotiate"); and the HTML with javascript the user-agent uses to select a different module.
[Message sent by forum member 'suchet']
http://forums.java.net/jive/thread.jspa?messageID=479324