Thanks for clarifying. We will add the “Alternate login options” text to the translations. The prompt “Please confirm with your WebAuthn token…” is from the server and has to be translated there.
What you are experiencing is the expected behavior. If you enable triggerChallenge, the account you specified in the config ('serviceAccount' => 'testanv@superadmins', 'servicePass' => '**************************') is used to trigger all challenge-response tokens for the current user. This does not require the token's PIN and has the advantage that the challenge-response tokens are ready to use in the second step. In contrast, if you trigger with the PIN, you need 3 steps to log in with a challenge-response token (1. username+pw, 2. PIN to trigger, 3. actual token).
If you do not use doTriggerChallenge, you can remove the account credentials from the config; they are used only for that feature.
If you want to use HOTP/TOTP with PIN, you have to enter the PIN followed by the OTP value, both into the OTP field.
In your previous response you wrote:
I still don’t really understand that - in which case do you have to “do more” now compared to the old version? Would you like to have your YubiKey flashing instantly without clicking the button?