The second main use of logon tickets (unlike assertion tickets that are valid only for one system and one client) is to authenticate the user with other systems and clients. When accessing another system, the foreign system must also validate the digital signature and if correct, extract the user name from the cookie. For this to work, the two systems must be in a trusted relationship with one another. Effectively, both systems have information about the digital certificates of the other system, which allows them to verify signed information from the other system.
For a trusted relationship, all relevant systems must be configured to accept the logon ticket of the other system.
The SAP user ID must be the same on all systems.
In the SAP NetWeaver library in the SAP Help Portal (http://help.sap.com/netweaver), search for the term Maintaining Trust Relationships between SAP Systems.