GraphQL API subscribe() call returns Unauthorized exception with JWT token

Hello, customer is building an app that uses Cognito User Pools federated with on-prem Central Authentication Service (CAS) via SAML. This provides JWT tokens. With this token they are calling GraphQL API from AppSync implemented via Amplify with DynamoDB. They are using "aws-amplify" library for this. There are no errors when the call is a query or mutations. For example: API.graphql(graphqlOperation(<some query here>, {}, <token>)).then( (res) => (....) But there is an exception if the call is of type "subscribe", example: API.graphql(graphqlOperation(<some subscription name here>, {}, <token>)).subscribe({ next: (data) => (....) message: "Connection failed: UnauthorizedException"

I can provide more details or arrange a customer call if anyone is eager to help out with this issue.