The realm definitions in server.xml totally depend on what attributes are supported by your LDAP. By ADFS, do you mean Active Directory Federation Services? In any case a sample Realm for Active Directory LDAP would look like this:' <Realm className="org.apache.catalina.realm.JNDIRealm" debug="true" allRolesMode="authOnly" connectionName="CN=username,OU=Organization unit,DC=sample,DC=com" connectionPassword="password" connectionURL="ldap://xxx.sss.com:389" userSearch="(sAMAccountName={0})" /> Another one could be: <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.JNDIRealm" allRolesMode="authOnly" connectionURL="ldap://sample.demo.com" userPattern="{0}@sample.demo.com" /> </Realm> It again totally depends on what attributes are supported by your LDAP and you can use tools like ldapsearch to identify the correct pattern for user search in your LDAP. Also here is an external link on some JNDI Realms, for reference https://wiki.apache.org/tomcat/JNDI_HowTo
... View more