The $CATALINA_HOME/conf/tomcat-users.xml file contains the Tomcat users. By default, the bottom of the tomcat-users.xml file will contain a few users, and this section will be commented out.

<!--
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
  <user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
  <user username="role1" password="<must-be-changed>" roles="role1"/>
-->

Shutdown the Tomcat server.

[john.doe@server1 ~]$ $CATALINA_HOME/bin/shutdown.sh

Remove the comment out. Change the password for the 3 default users in the tomcat-users.xml file. Create a new user account that grant the user admin and manager-gui roles. Do not use a common username, such as admin, as Tomcat will refuse common uesrnames. Add the admin and manager-gui rolename. 

<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="admin"/>
<role rolename="manager-gui"/>
<user username="tomcat" password="MyPassword" roles="tomcat"/>
<user username="both" password="MyPassword" roles="tomcat,role1"/>
<user username="role1" password="MyPassword" roles="role1"/>
<user username="JohnDoe" password="MyPassword" roles="admin,manager-gui" />

Start the Tomcat server.

[john.doe@server1 ~]$ bash $CATALINA_HOME/bin/startup.sh

Navigate to your Tomcat web interface and select Manager App. You will be prompted for a username and password. Use a username and password that has the manager-gui role.

You should be signed into the Tomcat Web Application Manager.

Logs

If you cannot sign in, and you get a 401 Unauthorized page, check your $CATALINA_HOME/logs/catalina.out file. In this example, John Doe's account has been locked.

01-Jul-2017 03:58:07.604 WARNING [http-nio-8080-exec-2] org.apache.catalina.realm.LockOutRealm.filterLockedAccounts An attempt was made to authenticate the locked user [JohnDoe]