diff --git a/src/ap/pmksa_cache_auth.c b/src/ap/pmksa_cache_auth.c
index fe5f81717..b67b8522e 100644
--- a/src/ap/pmksa_cache_auth.c
+++ b/src/ap/pmksa_cache_auth.c
@@ -516,7 +516,8 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get_okc(
 	for (entry = pmksa->pmksa; entry; entry = entry->next) {
 		if (os_memcmp(entry->spa, spa, ETH_ALEN) != 0)
 			continue;
-		if (wpa_key_mgmt_sae(entry->akmp)) {
+		if (wpa_key_mgmt_sae(entry->akmp) ||
+		    wpa_key_mgmt_fils(entry->akmp)) {
 			if (os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0)
 				return entry;
 			continue;
diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c
index e481dd5d6..cb2a8674a 100644
--- a/src/rsn_supp/pmksa_cache.c
+++ b/src/rsn_supp/pmksa_cache.c
@@ -376,7 +376,8 @@ pmksa_cache_clone_entry(struct rsn_pmksa_cache *pmksa,
 	os_time_t old_expiration = old_entry->expiration;
 	const u8 *pmkid = NULL;
 
-	if (wpa_key_mgmt_sae(old_entry->akmp))
+	if (wpa_key_mgmt_sae(old_entry->akmp) ||
+	    wpa_key_mgmt_fils(old_entry->akmp))
 		pmkid = old_entry->pmkid;
 	new_entry = pmksa_cache_add(pmksa, old_entry->pmk, old_entry->pmk_len,
 				    pmkid, NULL, 0,