From within share it appears that unlike CMIS 1.0 the CMIS 1.1 endpoint is not available via the share proxy so that route doesn't work.
I tried SSO (I'm using CAS) but it looks like the public api authenticator does not look at the request credentials(principal) so no joy there.
I have also tried using a ticket - doesn't work with JSONP as you can't modify the headers, and doesn't work as a request parameter.
If you make a successful Ajax call by modifying the headers then the browser won't add these details to subsequent requests in the same way that it does if you authenticate via the dialog box.
(not very satisfactory anyway due to having to get the ticket in the first place)