Planon Web Client configuration
1. Open webclient.xml that is located in: …\Server\tomcat-*\conf\Catalina\localhost
This file is generated the first time the web server is started. If you do an update, this file will not be overwritten.
2. Remove the Realm (PlanonRealmLogin) and FormAuthenticator valve (PnMessageFormAuthenticator). Add the following realm and valve above the trustedServiceKeystore:
<Realm className="nl.planon.tomcat.SPNegoRealm"
stripRealmForGss="false"
allRolesMode="authOnly"/>
<Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator"/>
stripRealmForGss="false"
allRolesMode="authOnly"/>
<Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator"/>
 | If you do not want to use user names including the domain, you must set stripRealmForGss="true". |
3. Open the ROOT.xml that is located: …\Server\tomcat-*\conf\Catalina\localhost
If you do an update, this file will not be overwritten.
4. Remove the Realm (PlanonRealmLogin) and FormAuthenticator valve (PnMessageFormAuthenticator). Add the following realm and valve below the AccessKeyValve:
<Realm className="org.apache.catalina.realm.CombinedRealm" allRolesMode="authOnly">
<Realm className="nl.planon.tomcat.SPNegoRealm"
stripRealmForGss="false"
allRolesMode="authOnly"/>
<Realm className="org.apache.catalina.realm.JAASRealm"
appName="PlanonRealmLogin"
userClassNames="nl.planon.cerebeus.PnUser"
roleClassNames="nl.planon.cerebeus.PnRole"
allRolesMode="authOnly"/>
</Realm>
<Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator"/>
<Realm className="nl.planon.tomcat.SPNegoRealm"
stripRealmForGss="false"
allRolesMode="authOnly"/>
<Realm className="org.apache.catalina.realm.JAASRealm"
appName="PlanonRealmLogin"
userClassNames="nl.planon.cerebeus.PnUser"
roleClassNames="nl.planon.cerebeus.PnRole"
allRolesMode="authOnly"/>
</Realm>
<Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator"/>
5. Open sc.xml that is located in: …\Server\tomcat-*\conf\Catalina\localhost
This file is generated the first time the web server is started. If you do an update, this file will not be overwritten.
6. Remove the Realm (PlanonRealmLogin) and FormAuthenticator valve (PnMessageFormAuthenticator) or BasicAuthenticator. Add the following realm and valve above the trustedServiceKeystore:
<Realm className="nl.planon.tomcat.SPNegoRealm"
stripRealmForGss="false"
allRolesMode="authOnly"/>
<Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator"/>
stripRealmForGss="false"
allRolesMode="authOnly"/>
<Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator"/>
| | If you do not want to use user names including the domain, you must set stripRealmForGss="true". |
7. Restart the Tanuki service.