Erm.. the user has authenticated with your domain, and you want to redirect the browser off to another domain, bypassing that domain's security prompt. Are you surprised it does not work? I think...