Well, while adding pje.tjmg.jus.br and pje.tjmg.jus.br to brave://settings/content/braveShields to turn Shields off there is easier, I still think it can be used without turning shields off, so I researched with the links you gave.
First these rules should be the good ones to use:
@@*$domain=tjmg.jus.br
@@*$domain=tjdft.jus.br
I can see that when I click the “Certificado Digital” button, shields block http://localhost:8800/pjeOffice/ and that rule will allow, any connection in those subdomains.
Of course I split it in two rules because it is better so you don’t allow more than it is not needed.
I noticed sso.cloud.pje.jus.br cookies being blocked because they are technically seen as being from another domain, even if they are the same.
So if site still breaks, you can go to brave://settings/cookies and add two entries [*.]tjmg.jus.br and [*.]tjdft.jus.br with the checkbox to allow third-party cookies, to allow the cookies only in those sub domains, without allowing anything in others.
You could also add sso.cloud.pje.jus.br directly or even [*.]pje.jus.br, but this means every website would be allowed to see these cookies as 1p or 3p, which is not what I would recommend.
That’s why it is important to give the exact URL where you are having issues, things changes between domains and subdomains.
Buti t is always interesting to deal with different scenarios without turning shields off, it shouldn’t be needed 99% of the time but takes testing and trial and error in some cases.