Manual set of the service param in CAS Authentication

Currently, the authentication module uses the Referer header to build the service param in the CAS protocol. This is an unnecessary security feature as the Referer header is not a reliable source to determine the client host.

Instead, to give more flexibility to the users and support direct authentication with the API without a middle client, the service param can be given directly to the API. This change will not remove the whitelist feature to set the possible clients that can authenticate through the API.

Additionally, a wildcard * can be added to allow any client if desired.