You would need to enable claims authentication in applicationB for this to work. In other words, you would need to setup the same system.identityModel
web.config settings in applicationB as in applicationA (as you've shown in your example).
Is there a reason that the JavaScript needs to be secured? If the scripts aren't secured, why not just make them accessible to everyone so you won't need to worry about the single sign-on across sites?