diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 89c4eab5f..9f9e0ac2d 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -2334,6 +2334,19 @@ static enum wps_process_res wps_process_wsc_done(struct wps_data *wps,
 	}
 
 	if (!wps->wps->ap) {
+		/*
+		 * Update credential to only include a single authentication
+		 * and encryption type in case the AP configuration includes
+		 * more than one option.
+		 */
+		if (wps->cred.auth_type & WPS_AUTH_WPA2PSK)
+			wps->cred.auth_type = WPS_AUTH_WPA2PSK;
+		else if (wps->cred.auth_type & WPS_AUTH_WPAPSK)
+			wps->cred.auth_type = WPS_AUTH_WPAPSK;
+		if (wps->cred.encr_type & WPS_ENCR_AES)
+			wps->cred.encr_type = WPS_ENCR_AES;
+		else if (wps->cred.encr_type & WPS_ENCR_TKIP)
+			wps->cred.encr_type = WPS_ENCR_TKIP;
 		wpa_printf(MSG_DEBUG, "WPS: Update local configuration based "
 			   "on the modified AP configuration");
 		if (wps->wps->cred_cb)
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index b6c9bc941..a4efc6ec5 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -210,6 +210,16 @@ static int wpa_supplicant_wps_cred(void *ctx,
 	if (wpa_s->conf->wps_cred_processing == 1)
 		return 0;
 
+	wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len);
+	wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
+		   cred->auth_type);
+	wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
+	wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
+	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
+			cred->key, cred->key_len);
+	wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
+		   MAC2STR(cred->mac_addr));
+
 	if (cred->auth_type != WPS_AUTH_OPEN &&
 	    cred->auth_type != WPS_AUTH_SHARED &&
 	    cred->auth_type != WPS_AUTH_WPAPSK &&