Given a scenario where a web hosted IdentityServer3 only handles authorization, being user authentication handled by an external custom service, what is required to implement to support this? A custom OWIN middleware?
Either connect to your "external custom service" form within your IUserService (idsrv specific) - or treat it as an external identity provider. In that case you need to write a Katana authentication middleware for it (reusable Katana component).
For the UserService check the IdentityServer docs. For Katana authentication middleware - not sure if there is official documentation for that - I covered that briefly it in my Web API security course.