I haven't had a chance to test the latest milestone of Restlet.
We are currently using IBM WAS 6.1 and using j_security_check, but need to switch to CAS for SSO.
You should never use the CAS Cookie token for anything (in theory you shouldn't access it at all ;-)).
Class Cast Exception: Ticket [TGT-11-j45Ct4n0q1v Py G3o F5Fflb WYMj ONJxe W6Wj Dz6Ub6tc3EUq5z9-cas is of type class org.ticket.
Ticket Granting Ticket Impl when we were expecting interface org.ticket.
If both your Receive Location & Send Port are on the same host you can issue the SSO Ticket in your Send Port. You only need to do this if you want to pass the credentials of the caller from the Receive Location through to the Send Port (in which case you can tick it in the receive location (if available) to issue a SSO to that user in the Port).