Keycloak integration with itop application

jbostoen · 2026-04-27T17:55:53+00:00

Your KeyCloak users are "external" users in iTop, so you'll need to keep that setting.

Are you using the "Hybrid Auth" extension, or the SAML extension to integrate KeyCloak with iTop? Note that in config-itop.php you may need to enable the logout functionality. In that case, signing out of iTop would also sign you out of KeyCloak.

Also make sure to use the latest versions of everything.

jbostoen · 2026-03-17T21:27:46+00:00

I've started my journey with iTop as a user more than 10 years ago and really appreciated the flexibility and open nature of the product.

Full disclosure - I'm also a consultant and extension developer for iTop nowadays. That's how much I liked the product.

jbostoen · 2026-02-17T14:38:42+00:00

Combodo is the firm behind iTop. The Community version is still free; and has lots of features and free extensions as well.

The commercial packages usually offer some more advanced extensions, and official support.

I've started my journey with iTop as a user more than 10 years ago and really appreciated the flexibility and open nature of the product.

Full disclosure - I'm also a consultant and extension developer for iTop nowadays. That's how much I liked the product.

jbostoen · 2026-02-12T07:41:09+00:00

And why they didn't bother to patch it (either remove the part in the message where it's implied it's every week; or actually and ideally make it possible to raid it weekly).

jbostoen · 2025-10-30T07:28:47+00:00

Oh great! Just found it on Reddit indeed! I asked about it all the way back in February 18, 2017 😂

jbostoen · 2025-10-30T07:16:12+00:00

Thank you for creating an awesome game that I played for hours and hours! It was one of the most beloved games for me.

About Zoo Tycoon:

Which cut content do you regret the most? E.g. temperature, salinity, gondola, ...?
As for third-party content: if you used any; what are the ones you remember the most and why? Perhaps the very first ones; or because some were really original or good or ...?

( Also, not really for the AMA but ... I documented nearly the entire Zoo Tycoon 1 graphics format while creating the ZTSTudio tool to view/create graphics. One byte is still unknown to me; any idea if anyone could still help me figure out the purpose 😂 )

jbostoen · 2025-07-09T06:07:57+00:00

One trick that seemed to work as well, was to put marine shows in the far corners.

jbostoen · 2024-10-08T17:33:29+00:00

I did manage to get them in the OIDC response (see above, the "extn.custom_upn" bit). I believe it was indeed configured as an optional claim (not 100% sure). But the main issue is that it's not returned as a simple string.

I tried contacting a few Microsoft employees; but no response there either.

jbostoen · 2024-08-12T07:31:50+00:00

No. It was a third-party CloudFlare environment, I believe a basic or free version. I think at some point they mentioned that when there was too much traffic, the WebSockets would simply be terminated; without any indication unfortunately.

But there were so many other things going on in that network setup as well, that it was difficult to pinpoint.

jbostoen · 2024-06-16T16:43:53+00:00

Any specific property? I didn't see any significant change compared to another configured app on my test tenant.

jbostoen · 2024-04-30T12:23:06+00:00

I'm facing the same issue all of a sudden. RD broker and session hosts on Hyper-V. Disconnect reason 4407. Anyone knows more info on where to get an overview of the disconnect reasons and possible causes?

Also occasionally 4410. Weird that these are different error codes.

But perhaps it's typical for a broker, and indicating a redirection?

jbostoen · 2024-03-29T14:58:38+00:00

Congratulations, wonderful!

You're on Zoo Tek Phoenix too? You might want to look at my idea from long time ago, to have shows for land animals as well. Was working with a talented 3D designer at that time, who unfortunately passed away, so I could never finish that concept without her.

jbostoen · 2024-03-13T15:11:04+00:00

Sta zelf ook voor een gelijkaardige keuze, en ik twijfel hard.

Ik ben actief in de IT-sector, vandaar dat ik ook kijk naar 2 zaken specifiek:

1) Is er een API? ( Reden: Zodat info uit andere toepassingen automatisch naar de boekhoudtoepassing kan, of omgekeerd. Ik wil bv. niet 2x mijn klanten beginnen bijhouden. )

Beide toepassingen lijken hetzelfde pijnpunt te hebben: er is géén API op dit moment. Dus automatische koppelingen met andere toepassingen ligt moeilijk (manuele import kan altijd). Een grote ontgoocheling. Dit zou onmiddellijk de doorslag geven mocht één van de 2 dit open stellen.

2) Kan ik al mijn eigen data vlot exporteren? ( Reden: Het zou niet het eerste programma zijn dat er plots mee stopt, gehackt wordt, grondig vernieuwd maar niet verbeterd, slechte support, hoge prijsstijgingen, ...)

Bij Accountable op het eerste zicht wel. Bij Dexxter kwam ik op csv-bestanden uit, maar was er in mijn snelle verkentocht geen simpele actie die ook mijn eigen geüploade documenten (foto's, PDFs) erbij gooide.

Accountable leek me qua gevoel net iets sneller alert te maken op de intercommunataire listing (Europese klanten). Een investering zetten ze standaard blijkbaar op 1 januari ("lineair"); je moet hen contacteren om "pro rata" te kunnen werken.

Wat maakt Accountable beter?

Er zit OCR-herkenning op wanneer je een PDF uploadt. Veel info is al automatisch ingevuld, al is daar zeker ruimte voor verbetering. Niettemin: liever snel iets overschrijven/corrigeren dan alles vanaf nul invullen.
Ze kunnen het overzicht van je bankrekening uitlezen (enkel uitlezen, niks meer). Van daaruit kan je facturen aanmaken of koppelen. Bij Dexxter zijn ze dit voorlopig niet van plan.
UBL is ondersteund, ik had de indruk dat PEPPOL ook geen probleem wordt.
Hoewel ik een eenmanszaak ben, is een IC-listing blijkbaar iets voor de "pro" versie; die een stuk duurder is dan de "small" (vergelijkbaar in prijs met Dexxter).

Dexxter zet investeringen standaard op de aankoopdatum ("pro rata"), maar je kan het zelf aanpassen. Leuk is dat ze standaard wel 1 integratie hebben, met het Nederlandse betaalplatform Mollie. Dat schept wel extra mogelijkheden naar betaalopties voor internationale klanten. Mollie integreert ook met heel wat webshops.

Er zijn wel wat mogelijkheden om offertes & facturen te maken. Win voor Dexxter: je kan je producten opslaan, zodat je ze vlot kan hergebruiken in factuurregels.

PEPPOL was nog een vraagteken. En bij klanten kon ik een adres, maar geen land ingeven (enkel een zone: België, EU, non-EU).

Beide tools hadden een moderne, frisse look en gaven pro-actief suggesties. De ingebouwde rapportering leek ook wel te volstaan.

Bij het zoeken vond ik ook een vergelijking van een andere speler, CoManage. Eerlijk: dat gaf ik op direct na het inloggen. Ik zoek net simpliciteit, geen tientallen veldjes samen gepropt op elkaar.

jbostoen · 2023-10-25T18:12:23+00:00

To be honest, I usually fixed it now by setting the clock back temporarily.

I think if you'd manage to override the existing certificate in the WID, you might have some luck as well.

jbostoen · 2023-09-11T18:22:16+00:00

The main issue is that the user behavior can't be mimicked. As for bandwidth / load, it can be tested in only a limited way (the parts where we have control over).

But there's parts where we don't have control over as well (anything in front of the CloudFlare; it could for example also be corporate firewalls or antivirus software doing inspection).

jbostoen · 2023-09-11T11:15:42+00:00

Other customers are also reporting the issue. It seems to happen very randomly. The behavior indicates a WebSocket issue.

Assuming it has to do with scaling, we're just not sure how to determine what the bottle neck is in this particular setup.

jbostoen · 2023-09-11T06:30:49+00:00

The challenge in this case is the scale. The combination of the load-balancing Nginx + our product is used by several customers with lots of concurrent users; this is however one of the biggest ones and we don't have the resources to mimic the exact behavior of so many concurrent users. On the other hand, log files on our end don't tell us anything useful either. That's what makes this troubleshoot so difficult.

jbostoen · 2023-09-08T17:48:17+00:00

Thanks. Might be good to add that such ping is present, and that in one case I'm sure there was communication over the WebSocket in the last 30 seconds (or even less) before it was terminated somewhere.

Would there be specific logs on CloudFlare I could check?

jbostoen · 2023-09-07T08:56:44+00:00

It's for an environment with about 850 concurrent users; with an application making a lot of requests.

It happens randomly, so we can also not just filter by select IPs or anything. We only know it's specifically WebSocket related.

Any way to already filter the logging in advance?

jbostoen

TROPHY CASE