While looking at CentralAuthenticationServiceImpl.java, I noticed something strange. There are two overloaded methods for grantServiceTicket().
The one that accepts ‘credentials’ says in its javadocs: ‘throws IllegalArgumentException if TicketGrantingTicket ID, Credentials or Service are null.’ 
The one that does not accept ‘credentials’ passed null instead. No exceptions are thrown. 
I am guessing the docs are misleading.