When the iDempiere system is configured to use password hash, the webstore expects that the web user should belong to a role. This bug prevents a newly signed in user from getting logged in.
We have fixed it and will attach the patch shortly.
Please find the patch with the fix.
I think that your condition is missing validation for AD_Client_ID of AD_User. See
Please consider this in your patch also.