marcuskincaid

I’m testing with a very simple setup:
– WordPress 4.0, no other plugins activated/installed other than Header Login.
– Header Login minimally configured (username header, email header, authenticating header and logout URL). Non-existing users don’t get an account.
– Firefox with HTTP Header Mangler extension configured to provide two additional HTTP headers: one for the username, one for the email address. The username is the authenticating header.

The problem:
It seems the authentication itself is working. I dare to tell because if provided with the properly filled HTTP headers, WordPress recognizes me and shows me my username on the top right. If I provide a non-existing user, WordPress doesn’t display the top bar.

What doesn’t work is wp-admin. Assume my WordPress URL is http://www.example.org. If I try to access “http://www.example.org/wp-admin”, the address gets rewritten to “http://www.example.org/?redirect_to=http%3A%2F%2Fwww.example.org%2Fwp-admin%2F&reauth=1” and the page stays the same.
If I provide a wrong username or any headers at all, I’m able to access the login page (which is rewritten to “http://www.example.org/wp-login.php?redirect_to=http%3A%2F%2Fwww.example.org%2Fwp-admin%2F&reauth=1”). What bothers me here is that I’m not able to manually log in (though that might be intentional).