This design is required when you have chosen not to use the SharePoint 2007 Single Sign-On service and some MashZone NextGen Servers reside in different domains than your SharePoint servers.

Because user credentials are not stored by the Single Sign-On service, MashZone NextGen Servers cannot retrieve these credentials via the Token Service. Because the SharePoint and MashZone NextGen Servers are in different domains, cookie forwarding cannot bridge this gap.

This results in manual authentication, requiring users to login to each MashZone NextGen Server as they access mashups or apps hosted by that MashZone NextGen Server to create a session or when an existing session with a MashZone NextGen Server expires.