When performing proxy authentication, there is a bug where the verify code needs to look up the PGTIOU -> PGT/TGT mapping created in the proxy callback, using the PGTIOU returned by CAS (you can see this in the protocol documentation shown here). Unfortunately it seems as if it is currently attempting to look up the mapping by interpreting the PGTIOU returned by CAS as a PGT/TGT.
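The lookup described above, as an added example that is not the project's own code: the proxy callback records PGTIOU -> PGT, and verification uses the PGTIOU from the CAS 2.0 validation response as the key. `PgtStore`, its method names and the sample ticket values are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample values, not real tickets.
SAMPLE_IOU = "PGTIOU-1-example"
SAMPLE_PGT = "PGT-1-example"
SAMPLE_RESPONSE = f"""<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
    <cas:proxyGrantingTicket>{SAMPLE_IOU}</cas:proxyGrantingTicket>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""


class PgtStore:
    """Hypothetical in-memory store for the PGTIOU -> PGT mapping."""

    def __init__(self):
        self._pgt_by_iou = {}

    def proxy_callback(self, pgt_iou, pgt_id):
        # CAS calls the proxy callback URL with pgtIou and pgtId.
        self._pgt_by_iou[pgt_iou] = pgt_id

    def lookup_by_iou(self, pgt_iou):
        # Correct: the value from the validation response is the key.
        return self._pgt_by_iou.get(pgt_iou)

    def lookup_as_pgt(self, value):
        # The reported bug: the value is compared against stored PGTs.
        return next((p for p in self._pgt_by_iou.values() if p == value), None)


def parse_validation(xml_text):
    """Return (user, pgt_iou) from a CAS 2.0 validation response."""
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        return None, None
    user = success.findtext("cas:user", namespaces=CAS_NS)
    iou = success.findtext("cas:proxyGrantingTicket", namespaces=CAS_NS)
    return (user.strip() if user else None, iou.strip() if iou else None)


def verify(xml_text, store):
    """Return (user, pgt); pgt is None when no mapping exists for the IOU."""
    user, iou = parse_validation(xml_text)
    return user, (store.lookup_by_iou(iou) if iou else None)
```

With the mapping stored by the callback, `verify` returns the PGT for the IOU, while `lookup_as_pgt` finds nothing for the same value because the IOU never equals a stored PGT.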