Crowd v2.7.2

Client: Poco C++ app

Target resource: /crowd/rest/usermanagement/latest/authentication

Error Response body excerpt:
"{"message":"The validated object is null","status-code":500,"stack-trace":"java.lang.NullPointerException: The validated object is null\n\tat org.apache.commons.lang3.Validate.notNull(Validate.java:222)\n\tat org.apache.commons.lang3.Validate.notNull(Validate.java:203)\n\tat com.atlassian.crowd.manager.application.AliasManagerImpl.findUsernameByAlias(AliasManagerImpl.java:35)...}"

Problem:
This resource is returning an 500 internal server error with the above response body. I've successfully authenticated the same configured user using the "/crowd/rest/usermanagement/latest/session", however I don't need an SSO token, and instead want the configured user attributes which are automatically returned in the .../lastest/authentication resource as described here: crowd_docs_link

The API differences between the two resources as far as I understand are:
/authentication
- uses 'username' query param
- only the password is sent in the request body as JSON with key "value"

/session
- no query param used (tested with defaults)
- username and password are sent in the request body as JSON

Both use Basic Authentication for validating our configured Crowd application.

Again, the /session resource succeeded, and I'd rather not do an additional call to /user/attribute just to get the user info that is available through the /authentication resource.

The chages in our code between the the /session resource and /authentication resource is limited to:
- adding the 'username' query param
- trimming the JSON payload down to one property, with key "value" and its value equal to the same password string.

Question:

Am I using the /authentication resource correctly? As this is the authentication portal, there shouldn't be any cookie requirement, correct? Am I missing something?

Any help would be greatly appreciated.

Thanks!