Let me provide more details and explain the scenario. The plugin is configured to auth users through one AD server (no SSL). I enabled the “Automatically create new WP user” and “Auto update users…”. All other options are set to defaults.
When I navigate to the test.php page and try [email protected] and valid AD password the test is successful and user is created in WP. The same happens if I navigate to login page on my WP site (/wp-login.php). After successful login, user is forwarded to the user profile page. So up to this point all works as expected.
After log out, browser is forwarded back to the login screen. At this point I can enter the same AD user credentials “[email protected]” and whatever string as password (valid AD password works as well). User is authenticated and forwarded back to the profile page.
To make sure there is no cashed session of some sort, I tested with closing the browser, clearing cookies, resetting IIS.
