The technical user which represents the ABAP system (in your case: "SL-USER") needs to reside in every user domain (in your case: "ABC.COM" and "XYZ.COM") and a service principal name (SPN) needs to be assigned to it (with SPN = "HTTP/<hostname of the WebDispatcher residing in front of the Fiori Frontend server, as used in the URL>").
Reason: the browser will submit a query for the SPN (derived from the URL, see above) to the current Windows Domain controler (of the user being logged on to the browser).
Please ensure also that the hostname (of the WebDispatcher, used in the URL) belongs to the "local Intranet" (Internet Explorer settings, also valid for Chrome) respectively was added to "network.negotiate-auth.trusted-uris" (Firefox). Otherwise no SPNego tokens will be requested.
If you still face problems, first refer to SAP Note 1732610 (Troubleshooting Note) and if that also does not help, submit an incident report (component BC-SEC-LGN).
Best regards, Wolfgang