After looking at the docs again (and opening my eyes a bit more) I would make a small change to the token authentication method - instead of requesting a dummy ST for each request I just try to validate the TGT with this endpoint:
GET /cas/v1/tickets/[TGT] -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/9be19816-87b1-4408-a5b5-07418e8fd166%40apereo.org.