diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeyFilter.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeyFilter.java
index e05085fd36..491d521483 100644
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeyFilter.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeyFilter.java
@@ -20,12 +20,9 @@ public class ApiKeyFilter extends AnonymousFilter {
         // 不是apikey的通过
         if (!ApiKeyHandler.isApiKeyCall(httpRequest) && !SecurityUtils.getSubject().isAuthenticated()) {
             // sso 带了token的
-            String token = httpRequest.getHeader(SessionConstants.SSO_TOKEN);
-            if (StringUtils.isNotBlank(token)) {
-                String userId = SSOSessionHandler.validate(httpRequest);
-                if (StringUtils.isNotBlank(userId)) {
-                    SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, SSOSessionHandler.random));
-                }
+            String userId = SSOSessionHandler.validate(httpRequest);
+            if (StringUtils.isNotBlank(userId)) {
+                SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, SSOSessionHandler.random));
             }
             return true;
         }