AzureIstioSecurityFilter sets roles when setting authentication. Passing roles are redundant as the Partition service does not perform role checks on the SA token. If a user accidentally assigns the roles then AzureIstioSecurityFilter throws the following error. The issue itself is caused due to spring-boot upgrade as mentioned in this post:
final JSONArray roles = Optional.ofNullable((JSONArray) claimsSet.getClaims().get("roles"))
.filter(r -> !r.isEmpty())
com.nimbusds.jose.shaded.json.JSONArray cannot be cast to net.minidev.json.JSONArray
AzureIstioSecurityFilter doesn't set roles when setting authentication. This will not impact as the partition service does not perform role checks on the SA token. Partition service only authorizes token of a type service principal and issuer with v1 or v2 aad url.