Planon Web Client configuration
1. Open ROOT.xml located in: …\Server\tomcat-*\conf\Catalina\localhost
If you do an update, this file will not be overwritten.
2. Remove the Realm (PlanonRealmLogin) and FormAuthenticator valve (PnMessageFormAuthenticator). Add the following realm and valve below the AccessKeyValve:
<Realm className="org.apache.catalina.realm.CombinedRealm" allRolesMode="authOnly">
<Realm className="nl.planon.tomcat.SPNegoRealm"
stripRealmForGss="false"
allRolesMode="authOnly"/>
<Realm className="org.apache.catalina.realm.JAASRealm"
appName="PlanonRealmLogin"
userClassNames="nl.planon.cerebeus.PnUser"
roleClassNames="nl.planon.cerebeus.PnRole"
allRolesMode="authOnly"/>
</Realm>
<Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator"/>
<Realm className="nl.planon.tomcat.SPNegoRealm"
stripRealmForGss="false"
allRolesMode="authOnly"/>
<Realm className="org.apache.catalina.realm.JAASRealm"
appName="PlanonRealmLogin"
userClassNames="nl.planon.cerebeus.PnUser"
roleClassNames="nl.planon.cerebeus.PnRole"
allRolesMode="authOnly"/>
</Realm>
<Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator"/>
 | If you do not want to use user names including the domain, you must set stripRealmForGss="true". |
3. Restart the Tanuki service.