When using the CAS Plugin in Jenkins. If you check the Force Renewal checkbox in Configure Global Security it doesn't actually check for renewal on ticket validation.

When you browse to Jenkins, it redirects you to CAS with url like: https://my.cas.com/login?TARGET=https%3A%2F%2Fmy.jenkins.com%2Fjenkins%2FsecurityRealm%2FfinishLogin&renew=true

If you remove the '&renew=true' part of that URL and hit enter, Jenkins lets you in. This seems to indicate that Jenkins isn't validating the renewal.