Refactor authenticator

Signed-off-by: hongming <hongming@kubesphere.io>

pkg/apiserver/authentication/identityprovider/cas/cas.go

@@ -89,10 +89,12 @@ func (f casProviderFactory) Create(options oauth.DynamicOptions) (identityprovid
 	return &cas, nil
 }
 
-func (c cas) IdentityExchange(ticket string) (identityprovider.Identity, error) {
+func (c cas) IdentityExchangeCallback(req *http.Request) (identityprovider.Identity, error) {
+	// CAS callback, see also https://apereo.github.io/cas/6.3.x/protocol/CAS-Protocol-V2-Specification.html#25-servicevalidate-cas-20
+	ticket := req.URL.Query().Get("ticket")
 	resp, err := c.client.ValidateServiceTicket(gocas.ServiceTicket(ticket))
 	if err != nil {
-		return nil, fmt.Errorf("cas validate service ticket failed: %v", err)
+		return nil, fmt.Errorf("cas: failed to validate service ticket : %v", err)
 	}
 	return &casIdentity{User: resp.User}, nil
 }