If you installed a default GlassFish 4 instance, then there is only the admin user with no password. The password file for that user is in the domain configuration directory named "admin-keyfile". In this situation when you access the GlassFish admin console no authentication is required.
In your plugin configuration just provide the user and the password file (delete the adminPassword entry):
<user>admin</user>
<passwordFile>[...]\domains\domain1\config\admin-keyfile</passwordFile>
If you decide to change the admin password with the asadmin utility then change the plugin configuration in your pom.xml as follows:
<user>admin</user>
<adminPassword>YOUR_NEW_PASSWORD</adminPassword>
For further details check the Security Guide in the GlassFish 4 Documentation (https://glassfish.java.net/docs/4.0/security-guide.pdf)