Just to followup as an alternative and a more expected solution when using custom authentication. (The solution using pxReqServletNameReal is fine as well)
When you are using a Data-Admin-AuthService you can can specify a different login screen in the Custom tab in the "Credential Challenge Stream".
When the login activity challenges for credentials: param.pyChallenge = @java("PRAuthentication.DEFAULT_CHALLENGE") the deafult HTML rule used is Web-Login when nothing is specified in the "Credential Challenge Stream". If a different record is specified then that one will be used.
So you can simply copy Web-Login, rename, and place in a ruleset that is available to unauthenticated users.
There is also a field for Authentication Fail Stream which will also behave the same way and call Web-Login with errors if there is an authentication problem. Here you can futher customize for errors if needed.