One of my clients is looking to have the login page for the application protected by CA SSO to be hosted outside web agent. I would like to know if we have options to support this kind of setup?
Yes, you can host the login page outside. When you define the Authentication Scheme you can just indicate which server its hosting it:
You can find more information at the following locations:
Authentication and a Centralized Login Server - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation
Configure HTML Forms Authentication - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation
Here are some tips & samples.