Manually setting the service param in CAS Authentication
Currently, the authentication module uses the Referer header to build the service param in the CAS protocol. This is an unnecessary security feature as the Referer header is not a reliable source for determining the client host.
Instead, to give users more flexibility and to support direct authentication with the API without a middle client, the service param can be given directly to the API. This change does not remove the whitelist feature that sets which clients can authenticate through the API. Additionally, a wildcard * can be added to allow any client if desired.
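
One way to check a client-supplied service value against the whitelist, as an added example that is not the project's own code. The function names, the whitelist entry format (origins such as https://app.example.org) and the choice to still require a well-formed http(s) URL when the * wildcard is present are assumptions.

```python
from urllib.parse import urlsplit


def _origin(url):
    """Return (scheme, host, port) for an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # Reject userinfo: "https://allowed-host@other-host/" points at other-host.
    if parts.username is not None or parts.password is not None:
        return None
    default_port = 443 if parts.scheme == "https" else 80
    return (parts.scheme, parts.hostname.lower(),
            port if port is not None else default_port)


def is_service_allowed(service, whitelist):
    """Decide whether `service` may be used as the CAS service param.

    Hypothetical helper: compares parsed origins instead of string prefixes,
    so a host that merely starts with a whitelisted name does not match.
    """
    origin = _origin(service)
    if origin is None:
        return False  # malformed or non-http(s) values fail even with "*"
    for entry in whitelist:
        if entry == "*":  # wildcard from the page: any client is accepted
            return True
        if _origin(entry) == origin:
            return True
    return False


# Constructed sample whitelist, not taken from the project.
SAMPLE_WHITELIST = ["https://app.example.org", "http://localhost:3000"]

if __name__ == "__main__":
    for candidate in ("https://app.example.org/login/callback",
                      "https://app.example.org.evil.test/cb",
                      "https://app.example.org@evil.test/cb"):
        print(candidate, is_service_allowed(candidate, SAMPLE_WHITELIST))
```

Because the service value now comes from the request body or query rather than a header, it is untrusted input and the same check belongs on both the login redirect and the ticket validation call.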