Tomcat SSO Kerberos Realm

I managed to enable SSO in my web application using keytab. I had to update following files to make it work:

Jass.conf

Krb5.conf

Server.xml (Realm)

web.xml

Its working fine.My question is why I need to use Realm to search user again with Active Directory when user has already been authenticated using keytab?

Our application is open to all people in organization so I just want to get user principal from keytab and don't want to use Realm.

If I remove the Realm section from server xml, it doesn't work.

Any suggestions?