Figured out the problem thanks to Adrian Schlegel
With ACP 9.0.4 Adobe introduced the Enhanced Security feature wich is on by default (http://blogs.adobe.com/connectsupport/using-the-xml-api-with-enhanced-security/).
For the Plugin to work you need to disable this feature. This works at the moment.
According to Adobe they will enforce this in the future:
"Make sure to update such integrations with session identifier after
logging in and use secured Web Services APIs so that the integrations
keep working after this option is removed in the near future and
enhanced security is enabled by default."
So I guess the plugin will have to be updated to be able to use the secured Web Services APIs.
Would be nice to have SSO enabled for Hosted solution like they have for the Webinar Plugin.