When using SSO there's no way to do this. SBM has several authentication types available with increasing levels of security. We do support an authentication type that allows for login parameters on the URL (Form/URL/Cookie) but this does not work for all authentication types.
SSO is our most secure form of authentication and session management. It has a plethora of safe guards built into it, one of which is the prevention of replay attacks. This is why the above request to the login page doesn't work. We won't issue security tokens to unsolicited requests.
To do what you're wanting to do here it would be best to have a little programmatic interaction where you go through the login process then make the request for the script to run.
Put the username and password in the wsse:Username and wsse:Password elements in the SOAP WS-Security header. The response would be either a SOAP fault if you failed or a WS-Trust RequestSecurityTokenResponse SOAP message. The response is too big for me to post here but you need to extract the token from