diff --git a/container_files/tomcat/lib/someOtherValve.jar b/container_files/tomcat/lib/someOtherValve.jar
new file mode 100644
index 0000000..9b736a3
Binary files /dev/null and b/container_files/tomcat/lib/someOtherValve.jar differ
diff --git a/container_files/usr-local-bin/libraryPrep.sh b/container_files/usr-local-bin/libraryPrep.sh
index 3b05401..cd59acb 100644
--- a/container_files/usr-local-bin/libraryPrep.sh
+++ b/container_files/usr-local-bin/libraryPrep.sh
@@ -276,6 +276,10 @@ prep_finishBegin() {
 echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_CHOWN_DIRS=true"
 export GROUPER_CHOWN_DIRS=true
 fi
+ if [ -z "$GROUPER_SETUP_AUTHN_VALVE" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SETUP_AUTHN_VALVE=true"
+ export GROUPER_SETUP_AUTHN_VALVE=true
+ fi
 if [ -z "$GROUPER_TOMCAT_HTTP_PORT" ]; then
 echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_TOMCAT_HTTP_PORT=-1"
 export GROUPER_TOMCAT_HTTP_PORT=-1
diff --git a/container_files/usr-local-bin/librarySetupFilesTomcat.sh b/container_files/usr-local-bin/librarySetupFilesTomcat.sh
index f6516b7..f448ce6 100644
--- a/container_files/usr-local-bin/librarySetupFilesTomcat.sh
+++ b/container_files/usr-local-bin/librarySetupFilesTomcat.sh
@@ -5,6 +5,7 @@ setupFilesTomcat() {
 setupFilesTomcat_remoteCidrValve
 setupFilesTomcat_remoteIpValve
 setupFilesTomcat_rewriteValve
+ setupFilesTomcat_authnValve
 setupFilesTomcat_turnOnAjp
 setupFilesTomcat_turnOnHttp
 setupFilesTomcat_turnOnHttps
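Review bot: In prep_finishBegin (libraryPrep.sh) the new default only covers an unset variable, while librarySetupFilesTomcat.sh later compares the value with exactly `true`, so a value such as `TRUE` or `1` turns the authn valve off with nothing more than an INFO line. Since this switch controls an authentication component, a comment above the block stating the accepted values would help, for example `# GROUPER_SETUP_AUTHN_VALVE: "true" (default) installs the authn valve into server.xml, any other value skips it`. Rejecting values other than `true` or `false` at this point would make a typo fail at startup instead of silently disabling the valve. prep_finishBegin starts and ends outside the hunk.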
@@ -18,9 +19,35 @@ setupFilesTomcat() {
 setupFilesTomcat_sslCertsClient
 }
+setupFilesTomcat_authnValve() {
+
+ if [ "$GROUPER_SETUP_AUTHN_VALVE" = "true" ] ; then
+
+ if [ -f /opt/tomcat/lib/someOtherValve.jar ] ; then
+
+ if [ $(grep -c 'SomeOtherValve' /opt/tomcat/conf/server.xml) -eq 0 ]; then
+
+ sed -i 's|||g' /opt/tomcat/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_authnValve) Apply valve: sed -i 's|||g' /opt/tomcat/conf/server.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_authnValve) Not setting up authn valve SomeOtherValve is in /opt/tomcat/conf/server.xml"
+ fi
+
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_authnValve) Not setting up authn valve since this file does not exist: /opt/tomcat/lib/someOtherValve.jar"
+ fi
+
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_authnValve) Not setting up authn valve since GROUPER_SETUP_AUTHN_VALVE is not true"
+ fi
+}
+
 setupFilesTomcat_rewriteValve() {
- if [ "$GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER" ] ; then
+ if [ "$GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER" = "true" ] ; then
 if [ "$GROUPER_UI" = "true" ]; then
 if [ ! -f /opt/tomcat/conf/Catalina/localhost/rewrite.config ] ; then
 mv /opt/tomcat/conf/Catalina/localhost/rewrite.config.grouper /opt/tomcat/conf/Catalina/localhost/rewrite.config
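Review bot: A zero exit status from `sed -i` in setupFilesTomcat_authnValve does not show that the valve was written, since sed also returns 0 when nothing matched, so the container can start with `GROUPER_SETUP_AUTHN_VALVE=true` and no authn valve in server.xml. After the sed, confirm the edit and stop otherwise, e.g. `grep -q 'SomeOtherValve' /opt/tomcat/conf/server.xml || exit 1`. The guard `[ $(grep -c ...) -eq 0 ]` is unquoted, so if grep prints nothing (a missing or unreadable server.xml) the test errors and falls into the else branch that logs the valve as already present; `if ! grep -q 'SomeOtherValve' /opt/tomcat/conf/server.xml; then` avoids that. The sed expression shows on this page as `s|||g`, which looks like markup lost in rendering, so the inserted element itself could not be reviewed. The jar this function keys on is added in the same commit as an opaque binary; recording its source and a checksum alongside it would let the artifact be verified.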
@@ -321,11 +348,13 @@ setupFilesTomcat_ports() {
 fi
 if [ "$GROUPER_TOMCAT_MAX_HEADER_COUNT" != "-1" ]; then
- # add in maxHeaderCount since new chrome sends too many headers
- sed -i "s|port=\"$GROUPER_TOMCAT_AJP_PORT\"|port=\"$GROUPER_TOMCAT_AJP_PORT\" maxHeaderCount=\"$GROUPER_TOMCAT_MAX_HEADER_COUNT\" |g" /opt/tomcat/conf/server.xml
- returnCode=$?
- echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ports) update server.xml add maxHeaderCount: sed -i \"s|port=\"$GROUPER_TOMCAT_AJP_PORT\"|port=\"$GROUPER_TOMCAT_AJP_PORT\" maxHeaderCount=\"$GROUPER_TOMCAT_MAX_HEADER_COUNT\" |g\" /opt/tomcat/conf/server.xml, result: $returnCode"
- if [ $returnCode != 0 ]; then exit $returnCode; fi
+ if [ $(grep -c 'maxHeaderCount' /opt/tomcat/conf/server.xml) -eq 0 ]; then
+ # add in maxHeaderCount since new chrome sends too many headers
+ sed -i "s|port=\"$GROUPER_TOMCAT_AJP_PORT\"|port=\"$GROUPER_TOMCAT_AJP_PORT\" maxHeaderCount=\"$GROUPER_TOMCAT_MAX_HEADER_COUNT\" |g" /opt/tomcat/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ports) update server.xml add maxHeaderCount: sed -i \"s|port=\"$GROUPER_TOMCAT_AJP_PORT\"|port=\"$GROUPER_TOMCAT_AJP_PORT\" maxHeaderCount=\"$GROUPER_TOMCAT_MAX_HEADER_COUNT\" |g\" /opt/tomcat/conf/server.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
 fi
 if [ "$GROUPER_TOMCAT_SHUTDOWN_PORT" != "8005" ]; then
@@ -554,6 +583,7 @@ setupFilesTomcat_unsetAll() {
 unset -f setupFilesTomcat
 unset -f setupFilesTomcat_authn
+ unset -f setupFilesTomcat_authnValve
 unset -f setupFilesTomcat_context
 unset -f setupFilesTomcat_ports
 unset -f setupFilesTomcat_remoteCidrValve
@@ -576,6 +606,7 @@ setupFilesTomcat_exportAll() {
 export -f setupFilesTomcat
 export -f setupFilesTomcat_authn
+ export -f setupFilesTomcat_authnValve
 export -f setupFilesTomcat_context
 export -f setupFilesTomcat_ports
 export -f setupFilesTomcat_remoteCidrValve
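Review bot: The new `grep -c 'maxHeaderCount'` guard in setupFilesTomcat_ports skips the edit whenever that string occurs anywhere in server.xml, so a later run with a different `GROUPER_TOMCAT_MAX_HEADER_COUNT` keeps the old request-header limit, and the skip is not logged. An else branch would make that visible, e.g. `else echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ports) maxHeaderCount already in /opt/tomcat/conf/server.xml, not changing"`. The port and header-count values also reach the sed expression and the XML attribute unvalidated; if they are expected to be plain integers, a check before the sed such as `case "$GROUPER_TOMCAT_MAX_HEADER_COUNT" in ''|*[!0-9]*) exit 1;; esac` keeps a malformed value out of server.xml. setupFilesTomcat_ports starts and ends outside this hunk.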