In the discussion of the issue #3601 with @Arshardh , the $subject was suggested as a further enhancement.

Currently in API Manager's backend JWT generation flow, the request doesn't fail upon user claim retrieval failure. Rather it fails at a further point. Hence the suggestion was to correct this behaviour without breaking the custom implementations of existing users and maintaining the backward compatibility. For this to be addressed it was decided to introduce a new config called continueOnClaimRetrievalFailure under apim.jwt. The previous behaviour will be preserved by default by setting continueOnClaimRetrievalFailure=true.