Stephan Traub

Here is the debug version: [Download](https://cloud.sbidy.de/s/55PRA7RZQk4BtiW) Please use only for testing. To get/read the debug messages please use the DebugView from the Sysinternals tool set --> [DebugView v4.81](https://docs.microsoft.com/en-us/sysinternals/downloads/debugview). The debug...

Hey Teddy, I can reproduce the error if I define a wrong username and password combination in the provider configuration file. Can you please check your config and the user?...

Yes, you must run the debugview tool in the capture mode open. 1. Start the debugview 2. Click on "Capture Global Win32" and "Capture Events"  3. Now you should...

@cornelinux from a API perspective the trigger will be the same as for the Mail or SMS token? (https://privacyidea.readthedocs.io/en/latest/modules/api/validate.html#post--validate-triggerchallenge) In this case the implementation is still there. Please correct me...

Hey, that is a good point. In the current implementation you can only define one realm per provider. The API endpoints (e.g. `/validate/triggerchallenge`) doesn't support multiple realms ([documentaion](https://privacyidea.readthedocs.io/en/latest/modules/api/validate.html#get--validate-triggerchallenge)). Maybe @cornelinux...

Yes that's true. I'll push that enhancement to the backlog. But the provider is currently not under "heavy" development.

Let me check that ... Maybe I can destroy the object in a safe way to prevent that caching behavior.

In my opinion is that a "bug" from the MS .Net cryptographic functions itself. The key iteself will be encrypted by the `envelopedCms.Decrypt` and the `DecryptMsg` function. There is no...

Hey, thanks for the research - yes that can be a possible solution. I'll check the `EnvelopedCms.Decrypt()` to envelope the key. I'll try to release a modified testing version today.

I've drafted a release for that - after short tests it looks like a possible fix for that problem. Please load the V1.4b from the releases and test again.