U2F tokens and PrivacyIdea Credential Provider

Hello everybody,

what I would like to achieve is a login via a FIDO2-certified key to a windows10 PC running the PrivacyIdea Credential Provider.

To test, I enrolled a U2F token for a user using a FIDO2-certified key. PrivacyIdea ackwnoledges the registration of the key without any problems and the user can login to the PrivacyIdea web interface using his key. Wonderful.

If the same user now tries to login to his PC running the Credential Provider, he inserts his username and password first, the credential provider sends this info to the PrivacyIdea server which in turn starts the trigger/challenge process and asks the user to make use of his security key to complete the login.

The problem is that the login process is never completed even after the key has been inserted and its button pushed. The Credential Provider keeps displaying a 2FA input field with a message that says to use the registered key to complete the login.

My question is, does the Credential Provider fully support challenge response tokens?

PS: The Credential Provider works wonderfully with a TOTP token.

Many thanks in advance.

Hi @ll4strw
welcome to privacyIDEA community.

The credential provider currently does not suppoer U2F or FIDO2 tokens.


Hi @cornelinux, many thanks for your prompt reply. I am wondering if U2F tokens are also unsupported by the PrivacyIdea keycloak plugin.

The latest release does: