diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBCAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBCAS.pm
index e8e741566..3cdc9c018 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBCAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBCAS.pm
@@ -121,6 +121,12 @@ sub issuerForUnAuthUser {
             "Get validate request with ticket $ticket for service $service",
             'debug' );
 
+        unless ( $ticket =~ s/^ST-// ) {
+            $self->lmLog( "Provided ticket is not a service ticket (ST)",
+                'error' );
+            $self->returnCasValidateError();
+        }
+
         my $casServiceSession = $self->getCasSession($ticket);
 
         unless ($casServiceSession) {