User Can Enumerate a Specific App but Unable to Launch

Article ID: CTX695385

Description

The user in question is a member of a domain local security group in Domain B, and that group has been added to the application properties. If the user is explicitly added to the application, they can launch the application.

Cause

All that is required for enumeration is for the delivery controller in Domain A to receive information back from the Domain B domain controllers about which groups the user account is a member of.

The VDA has to make sure the account has rights to log in to Windows and to access any resources on the VDA. It reaches out to the Domain A domain controllers for this, but they cannot resolve the SID for the domain local group in Domain B.

Resolution

The administrators of Domain B converted the user's domain local group to a global group, and the user is now able to launch the application.
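To find other groups that would hit the condition described under Cause, the check below flags domain local groups whose home domain is not the domain hosting the VDA. It is an added example, not part of the Citrix article; the function name, group names and domain names (`domaina.example`, `domainb.example`) are constructed placeholders.

```powershell
# Added example, not from the Citrix article. All names below are constructed.

function Find-CrossDomainLocalGroup {
    # Flags a group when its scope is DomainLocal and its home domain differs
    # from the resource domain (the domain that hosts the VDA). Such a group
    # can satisfy enumeration but not the access check made on the VDA side.
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Group,
        [Parameter(Mandatory)] [string] $ResourceDomain
    )
    process {
        # Derive the DNS domain name from the DC= components of the DN.
        # Split only on unescaped commas so a "\," inside a CN is not a separator.
        $groupDomain = (($Group.DistinguishedName -split '(?<!\\),') |
            Where-Object { $_ -like 'DC=*' } |
            ForEach-Object { $_.Substring(3) }) -join '.'

        $scope     = [string]$Group.GroupScope
        $isForeign = ($groupDomain -ne $ResourceDomain)   # string -ne is case-insensitive

        [pscustomobject]@{
            Name       = $Group.Name
            Domain     = $groupDomain
            GroupScope = $scope
            LaunchRisk = ($isForeign -and ($scope -eq 'DomainLocal'))
        }
    }
}

# Constructed sample input shaped like Get-ADGroup output (Name, GroupScope,
# DistinguishedName are default properties of that cmdlet).
$sampleGroups = @(
    [pscustomobject]@{ Name = 'App-Users-DL'; GroupScope = 'DomainLocal'
        DistinguishedName = 'CN=App-Users-DL,OU=Groups,DC=domainb,DC=example' }
    [pscustomobject]@{ Name = 'App-Users-G';  GroupScope = 'Global'
        DistinguishedName = 'CN=App-Users-G,OU=Groups,DC=domainb,DC=example' }
)

$sampleGroups |
    Find-CrossDomainLocalGroup -ResourceDomain 'domaina.example' |
    Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module), pipe real groups in:
# Get-ADGroup -Identity 'App-Users-DL' -Server 'domainb.example' |
#     Find-CrossDomainLocalGroup -ResourceDomain 'domaina.example'
```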

Issue/Introduction

There is a one-way trust between two domains. Users in Domain B access published applications in Domain A. A user can enumerate all applications, but cannot launch a specific application. The user is able to launch applications published from the same VDA in the same delivery group.