Tomcat SSO Kerberos Realm

I managed to enable SSO in my web application using keytab. I had to update following files to make it work:



Server.xml (Realm)


Its working fine.My question is why I need to use Realm to search user again with Active Directory when user has already been authenticated using keytab?

Our application is open to all people in organization so I just want to get user principal from keytab and don't want to use Realm.

If I remove the Realm section from server xml, it doesn't work.

Any suggestions?