3480995 - SAP CPQ call to regenerate JWT Token Signing Keys

From the 2405 SAP CPQ release onwards, the generation of JWT Token Signing Keys within the Trusted Applications administration is now 128 characters long, and the Secret field on the Credential Management page (for records of type Secret) now requires at least 32 characters.

This is being done to ensure that the length of the JWT secret satisfies the minimum security requirements, which will be necessary for a security patch that is planned to be deployed in the near future.

The security patch will update the library that generates JWT tokens and will require secrets to be at least 32 characters long.

SAP SALES CLOUD CPQ

Please regenerate JWT Token Signing Key for all existing records with JWT Assertion Grant enabled, by following the below steps:

1. Navigate to CPQ Setup
2. Go to Security
3. Go to Trusted Applications
4. Edit an existing record
5. Expand the 'JWT Assertion Grant' section
6. Click on Generate New JWT Token Signing Key under the JWT Token Signing Key field
7. Save.

Note: Please make sure to update the related external applications with this newly generated key from CPQ.

If you still have any concerns regarding this, please reply on the email that you received from us, or you can also reach out to Nikola Maric <nikola.maric@sap.com>.

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

As of 2405: Increasing the Minimum Character Length for Generating Secrets for JWT Token Signing Key | SAP Help Portal

Generate JWT Assertion Grant Type | SAP Help Portal

JWT Token Signing Key, regenerate, Trusted Applications, integrations, 2511 release, 2405 release , KBA , CEC-SAL-CPQ , Sales Cloud CPQ , How To