According to the Unified Communications AJAX Service SDK documentation, CWA 2007 allows for custom authentication:
This feature allows the ISV application developer to provide authentication for the Office Communicator Web Access user using a custom authentication process. Custom Authentication (CA) is typically used when the Office Communicator Web Access users are not utilizing either Microsoft Windows® computers and the associated Integrated Windows Authentication , or forms-based authentication . CA solutions typically function by generating an authorization token as a result of the user authentication process. The token is passed to the client computer in the form of a cookie.
However, the documentation does not go into detail on how this is implemented. I noticed there is a cwaauth ISAPI filter in place that does the authentication for Forms and IWA - is something similar needed for Custom Authentication? Is there any documentation available around this?