Hello 
First of all, I have reviewed the following topics: Challenge Response problem and I can not validate challenge: “Response did not match the challenge.”
However, I don’t believe they apply in this case, and I apologize if this post is a duplicate.
I am using PrivacyIdea Credential Provider 3.8.0 with a YubiKey enrolled in WebAuthn using FIDO2.
During the login process, if the user enters the wrong PIN, the message “Wrong PIN” appears, and then it redirects back to the OTP field. If I try again to use the key to log in, even before being able to enter the PIN, the message “response didn’t match the challenge” appears.
As a workaround, I was able to use the offline token, or simply avoid entering the wrong PIN.
Could this be a configuration issue with the Credential Provider?
Thanks for reading !