I think that you are misunderstanding the question.
I have successfully deployed the plugin and have gotten a valid cloneTicket back from Vcenter for the currently logged in session. I pass that cloneTicket to the remove server where I attempt to make the SOAP client call the SessionManager.CloneSession() function and pass it the cloneTicket in order to get a user session from which I can use the key. The vCenter server errors with: "Server raised fault: 'The session is not authenticated.'"
Referencing the documentation link you provided, on page 94 I have successfully gotten through step 6. It is when I attempt to use this clone ticket that I have gotten from the logged in user session that the Web Client API complains that the current Web Client session isn't authenticated.
Although I cannot find this in the VMware documentation anywhere, I speculate that you are required to already have a vCenter User defined and use that login/password combination to first establish your Web Client API session. I would assume that best practice would be to create the vCenter user to have 'No Access' but to a have valid username/password combo. Use that account/password combo to login to the Web Client API for the initial session. Grab the clone ticket and get the key from the user. Then use that key to clone the user's session onto your Web Client session, i.e. the one with 'No Access'.
This would explain why there are vCenter users used by VMware's internal plugins like HA, etc. Users like kbrtgt, waiter, etc. exist for a reason and I assume that this is how it works. But we all know what happens when you assume. However, since I can't find any documentation on this process all of this is merely speculation.
It would be most appreciated if you were to provide actual documentation that spelled out this SOAP process. The Developing Remote Plug-ins guide only provides several lines of Java Code in an attempt to explain the SOAP interaction and none of the Java code is documented.
