This is not an issue that I can reproduce. I have crafted an authenticate user server behavior and and access rule for it very similar to yours. I used only a single column for the authentication, password, and stored some session variables based on other columns in the table.
I then applied an access rule to a page much like yours and I was able to login successfully and pass the rule. It looks as though you have customized the trigger for this authenticate user server behavior. What is the result you get with this server behavior by default?
It seems that the error is referring to the authentication rule in your custom trigger, what happens if you do not have this part in your custom trigger?