After upgrading to 12.8.08, we are seeing OIDC issue with the IDTokens

Article ID: 393077


Products

SITEMINDER

Issue/Introduction

The 12.8.08 release added new claims to the ID Token that can be used by new features such as front-end SLO and refresh token rotation. These are the sid and jti claims (the iss claim already existed and is not new; note that the error trace below lists iss among the known properties and fails only on sid).

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/release-notes/New-Features/new-features-in-12-8-08.html


New Parameters in ID Token: SiteMinder now includes the sid (session ID) and jti (token identifier in a session store) parameters in an ID Token.

Environment

R12.8.08 and higher

Any OS

Cause

If your code accepts only a fixed set of claims (for example, a strictly typed class that the ID Token payload is deserialized into, with unknown properties treated as errors), it will reject the claims added by the upgrade instead of ignoring them.

Example error:

 "exceptionTrace": "com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field \"sid\" (class com.custom.authentication.model.JWTBody), not marked as ignorable (11 known properties: \"sub\", \"LastName\", \"auth_time\", \"iss\", \"FirstName\", \"iat\", \"exp\", \"aud\", \"groups\", \"employeeID\", \"email\"])

Resolution

The new claims cannot be disabled, even if you do not use front-end SLO or refresh token rotation. Additional claims are permitted by the OpenID Connect Core specification, so your code must be changed to ignore claims it does not understand, as the specification requires. Ignoring unknown claims does not relax the mandatory checks: the ID Token's signature, iss, aud and exp must still be validated before any of its claims are used.

Spec link:

https://openid.net/specs/openid-connect-core-1_0.html#IDToken

ID Tokens MAY contain other Claims. Any Claims used that are not understood MUST be ignored. See Sections 3.1.3.6, 3.3.2.11, 5.1, and 7.4 for additional Claims defined by this specification.
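As an added example (not code from this article or from SiteMinder), the following Java program reproduces the failure above against a strict Jackson claims model and shows the two usual fixes: marking the model with @JsonIgnoreProperties(ignoreUnknown = true), or disabling FAIL_ON_UNKNOWN_PROPERTIES on the ObjectMapper used for claims. The class names, the sample payload (issuer, subject, sid and jti values) and the field list are assumptions constructed for the demonstration; the field names mirror those in the error trace. It assumes the token's signature and the iss, aud and exp checks have already been performed by the JWT library before the payload is mapped to a class.

```java
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;

public class IdTokenClaimsDemo {

    // "Before": a strict claims model (hypothetical, modelled on the error trace).
    // With Jackson's default settings, any claim not declared here, such as the
    // sid and jti added in 12.8.08, raises UnrecognizedPropertyException.
    public static class StrictJWTBody {
        public String sub, iss, aud, email;
        public long iat, exp, auth_time;
        public List<String> groups;
    }

    // "After": the same model marked to ignore unknown claims, which is what
    // OpenID Connect Core 1.0 section 2 requires for claims that are not understood.
    @JsonIgnoreProperties(ignoreUnknown = true)
    public static class JWTBody {
        public String sub, iss, aud, email;
        public long iat, exp, auth_time;
        public List<String> groups;
    }

    // Constructed sample payload, not taken from a real deployment. It carries the
    // sid and jti claims that the strict model does not know about.
    static final String SAMPLE_PAYLOAD_JSON = "{"
        + "\"sub\":\"jdoe\",\"iss\":\"https://sso.example.com/oidc\","
        + "\"aud\":\"myclient\",\"iat\":1700000000,\"exp\":1700003600,"
        + "\"auth_time\":1699999990,\"email\":\"jdoe@example.com\","
        + "\"groups\":[\"staff\"],"
        + "\"sid\":\"session-1234\",\"jti\":\"token-5678\"}";

    // The payload segment of a JWT is base64url without padding.
    static String payloadSegment(String json) {
        return Base64.getUrlEncoder().withoutPadding()
            .encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }

    static String decodePayload(String segment) {
        return new String(Base64.getUrlDecoder().decode(segment), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: signature, iss, aud and exp were already verified by the JWT
        // library. Ignoring unknown claims must never replace those checks.
        String payloadJson = decodePayload(payloadSegment(SAMPLE_PAYLOAD_JSON));

        // FAIL_ON_UNKNOWN_PROPERTIES is true by default, so the strict model fails.
        ObjectMapper strict = new ObjectMapper();
        try {
            strict.readValue(payloadJson, StrictJWTBody.class);
            System.out.println("unexpected: strict model accepted sid/jti");
        } catch (UnrecognizedPropertyException e) {
            System.out.println("strict model rejects claim: " + e.getPropertyName());
        }

        // Fix 1: annotate the model so unknown claims are dropped.
        JWTBody claims = strict.readValue(payloadJson, JWTBody.class);
        System.out.println("annotated model: sub=" + claims.sub + " groups=" + claims.groups);

        // Fix 2: relax only the mapper used for claims, leaving the model unchanged.
        ObjectMapper lenient = new ObjectMapper()
            .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        StrictJWTBody claims2 = lenient.readValue(payloadJson, StrictJWTBody.class);
        System.out.println("lenient mapper: sub=" + claims2.sub + " iss=" + claims2.iss);
    }
}
```

Prefer the annotation on the claims class over a globally lenient ObjectMapper: a mapper shared with other parts of the application would silently drop unknown fields everywhere, while the annotation scopes the relaxation to the ID Token model, which is the only place the specification requires it.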