Add SAML metadata XML file upload to auto-fill IdP configuration

[aji-aju]

Describe your changes:

Fixes #26354

Screen.Recording.2026-03-12.at.9.48.37.AM.mov

I worked on ... because ...

Type of change:

• Bug fix
• Improvement
• New feature
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation

Checklist:

• I have read the CONTRIBUTING document.
• My PR title is Fixes <issue-number>: <short explanation>
• I have commented on my code, particularly in hard-to-understand areas.
• For JSON Schema changes: I updated the migration scripts or explained why it is not needed.

[harshach]

@aji-aju the goal here is not parse the file in the UI, UI should just upload and backend needs to fill-in the details

[gitar-bot]

⚠️ Bug: KeyDescriptor fallback picks wrong cert when signing key exists

The comment at line 1190 says "Look for a KeyDescriptor with use='signing', then fall back to any KeyDescriptor", but the single-pass loop (lines 1197–1210) accepts the first match of either use="signing" or no use attribute. If an unattributed <KeyDescriptor> appears before one with use="signing" in the XML, the general-purpose key is selected and the loop breaks — the explicit signing key is never considered.

Per the SAML metadata spec, use="signing" should be preferred. A two-pass approach (or tracking a fallback separately) is needed.

Suggested fix:

let certText: string | undefined;
let fallbackCertText: string | undefined;

for (let i = 0; i < keyDescriptors.length; i++) {
  const use = keyDescriptors[i].getAttribute('use');
  const x509 = keyDescriptors[i].getElementsByTagNameNS(XMLDSIG_NS, 'X509Certificate')[0];
  if (use === 'signing' && x509?.textContent) {
    certText = x509.textContent.replace(/\s+/g, '');
    break; // Preferred — stop immediately
  }
  if (!use && !fallbackCertText && x509?.textContent) {
    fallbackCertText = x509.textContent.replace(/\s+/g, '');
  }
}
certText = certText ?? fallbackCertText;

_{Was this helpful? React with 👍 / 👎 | Reply gitar fix to apply this suggestion}

[gitar-bot]

💡 Edge Case: No file size guard on metadata XML upload

The handleMetadataFileUpload handler reads the entire file into memory via FileReader.readAsText() with no size check. While this is a client-side-only risk (no server upload), an accidentally selected large file could freeze or crash the browser tab. Adding a simple file.size guard (e.g., reject files > 1 MB) before reading would be a cheap safeguard.

Suggested fix:

const file = event.target.files?.[0];
if (!file) {
  return;
}
const MAX_XML_SIZE = 1 * 1024 * 1024; // 1 MB
if (file.size > MAX_XML_SIZE) {
  showErrorToast(t('message.file-size-exceeds-limit'));
  return;
}

_{Was this helpful? React with 👍 / 👎 | Reply gitar fix to apply this suggestion}

[gitar-bot]

💡 Edge Case: Missing FileReader.onerror handler

The FileReader has an onload callback but no onerror handler. If readAsText fails (e.g., file becomes unreadable after selection), the error is silently swallowed and the user gets no feedback.

Suggested fix:

reader.onerror = () => {
  showErrorToast(t('message.metadata-xml-parse-failed'));
};

_{Was this helpful? React with 👍 / 👎 | Reply gitar fix to apply this suggestion}

[github-actions]

Jest test Coverage

UI tests summary

Lines	Statements	Branches	Functions
	65.94% (57430/87085)	45.41% (30231/66567)	48.43% (9079/18743)

[gitar-bot]

Analyzing CI failures

🔍 CI failure analysis for 9e0a08f: Playwright test project "stateful" is missing from configuration causing test failures on shard 6; two GitHub action download failures due to 401 authentication errors are infrastructure issues unrelated to the PR.

Overview

Four CI logs analyzed across 4 unique error templates. Findings include 1 PR-related test failure and 2 infrastructure/authentication failures that are unrelated to the PR changes. The PR adds SAML metadata XML file upload functionality with extensive locale file updates and new test coverage.

Failures

Playwright Project "stateful" Not Found (confidence: high)

• Type: test
• Affected jobs: 66741101790 (Playwright E2E tests, shard 6)
• Related to PR: yes
• Root cause: The CI workflow attempts to run a Playwright project named "stateful" on shard 6, but this project is not defined in the Playwright configuration. The available projects are: setup, entity-data-setup, chromium, entity-data-teardown, data-insight-application, Data Insight, DataAssetRulesEnabled, DataAssetRulesDisabled, Basic, ingestion, and SystemCertificationTags. The project was either removed or the workflow references an incorrect name.
• Suggested fix: Verify the Playwright configuration (playwright.config.ts) includes the "stateful" project definition or update the CI workflow to reference an existing project. Since the PR modifies SSOUtils test files, ensure these tests are mapped to the correct Playwright project (likely "Basic" or similar). Review the workflow configuration that assigns projects to shards.

GitHub Action Download: jlumbroso/free-disk-space (confidence: high)

• Type: infrastructure
• Affected jobs: 66741106604
• Related to PR: no
• Root cause: The workflow failed to download the GitHub action 'jlumbroso/free-disk-space@main' due to persistent 401 (Unauthorized) responses from the GitHub API. The system retried twice with exponential backoff (13.3s, 16.4s) before failing. This indicates an authentication/permission issue, rate limiting, or the repository becoming inaccessible.
• Suggested fix: Verify the GitHub token has sufficient permissions and is not expired. Check if the jlumbroso/free-disk-space repository is still accessible or has been deleted/made private. Consider using a cached version or alternative action. Ensure the runner has internet connectivity to api.github.com.

GitHub Action Download: lewagon/wait-on-check-action (confidence: high)

• Type: infrastructure
• Affected jobs: Not specified in logs
• Related to PR: no
• Root cause: The GitHub API returned a 401 Unauthorized response when downloading lewagon/wait-on-check-action@v1.3.4. Two retries with exponential backoff (26.2s, 18.9s) failed before final error. This indicates authentication token issues, repository access revocation, or network/firewall restrictions.
• Suggested fix: Verify the GitHub token has appropriate API permissions. Check if the lewagon/wait-on-check-action repository is still accessible or has been removed/made private. Consider using an alternative action or version. Review GitHub Actions runner environment for network/firewall restrictions.

Summary

• PR-related failures: 1 test failure (Playwright project misconfiguration for SAML metadata test sharding)
• Infrastructure/flaky failures: 2 GitHub action download failures due to authentication/API issues (unrelated to PR changes)
• Recommended action: Fix the Playwright configuration to properly define or reference the "stateful" project for the test workflow. The infrastructure failures (GitHub action downloads) should be escalated to DevOps/platform team to investigate repository access and authentication token issues with external GitHub actions.

Code Review ⚠️ Changes requested 0 resolved / 3 findings

SAML metadata XML upload feature streamlines IdP configuration but has three unresolved issues: the KeyDescriptor fallback logic incorrectly prioritizes signing certificates, the file upload lacks size validation, and the FileReader error handler is missing.

⚠️ Bug: KeyDescriptor fallback picks wrong cert when signing key exists

📄 openmetadata-ui/src/main/resources/ui/src/utils/SSOUtils.ts:1197

The comment at line 1190 says "Look for a KeyDescriptor with use='signing', then fall back to any KeyDescriptor", but the single-pass loop (lines 1197–1210) accepts the first match of either use="signing" or no use attribute. If an unattributed <KeyDescriptor> appears before one with use="signing" in the XML, the general-purpose key is selected and the loop breaks — the explicit signing key is never considered.

Per the SAML metadata spec, use="signing" should be preferred. A two-pass approach (or tracking a fallback separately) is needed.

Suggested fix

let certText: string | undefined;
let fallbackCertText: string | undefined;

for (let i = 0; i < keyDescriptors.length; i++) {
  const use = keyDescriptors[i].getAttribute('use');
  const x509 = keyDescriptors[i].getElementsByTagNameNS(XMLDSIG_NS, 'X509Certificate')[0];
  if (use === 'signing' && x509?.textContent) {
    certText = x509.textContent.replace(/\s+/g, '');
    break; // Preferred — stop immediately
  }
  if (!use && !fallbackCertText && x509?.textContent) {
    fallbackCertText = x509.textContent.replace(/\s+/g, '');
  }
}
certText = certText ?? fallbackCertText;

💡 Edge Case: No file size guard on metadata XML upload

📄 openmetadata-ui/src/main/resources/ui/src/components/SettingsSso/SSOConfigurationForm/SSOConfigurationForm.tsx:257

The handleMetadataFileUpload handler reads the entire file into memory via FileReader.readAsText() with no size check. While this is a client-side-only risk (no server upload), an accidentally selected large file could freeze or crash the browser tab. Adding a simple file.size guard (e.g., reject files > 1 MB) before reading would be a cheap safeguard.

Suggested fix

const file = event.target.files?.[0];
if (!file) {
  return;
}
const MAX_XML_SIZE = 1 * 1024 * 1024; // 1 MB
if (file.size > MAX_XML_SIZE) {
  showErrorToast(t('message.file-size-exceeds-limit'));
  return;
}

💡 Edge Case: Missing FileReader.onerror handler

📄 openmetadata-ui/src/main/resources/ui/src/components/SettingsSso/SSOConfigurationForm/SSOConfigurationForm.tsx:263

The FileReader has an onload callback but no onerror handler. If readAsText fails (e.g., file becomes unreadable after selection), the error is silently swallowed and the user gets no feedback.

Suggested fix

reader.onerror = () => {
  showErrorToast(t('message.metadata-xml-parse-failed'));
};

🤖 Prompt for agents

Code Review: SAML metadata XML upload feature streamlines IdP configuration but has three unresolved issues: the KeyDescriptor fallback logic incorrectly prioritizes signing certificates, the file upload lacks size validation, and the FileReader error handler is missing.

1. ⚠️ Bug: KeyDescriptor fallback picks wrong cert when signing key exists
   Files: openmetadata-ui/src/main/resources/ui/src/utils/SSOUtils.ts:1197

   The comment at line 1190 says "Look for a KeyDescriptor with use='signing', then fall back to any KeyDescriptor", but the single-pass loop (lines 1197–1210) accepts the first match of either `use="signing"` or no `use` attribute. If an unattributed `<KeyDescriptor>` appears before one with `use="signing"` in the XML, the general-purpose key is selected and the loop breaks — the explicit signing key is never considered.
   
   Per the SAML metadata spec, `use="signing"` should be preferred. A two-pass approach (or tracking a fallback separately) is needed.

   Suggested fix:
   let certText: string | undefined;
   let fallbackCertText: string | undefined;
   
   for (let i = 0; i < keyDescriptors.length; i++) {
     const use = keyDescriptors[i].getAttribute('use');
     const x509 = keyDescriptors[i].getElementsByTagNameNS(XMLDSIG_NS, 'X509Certificate')[0];
     if (use === 'signing' && x509?.textContent) {
       certText = x509.textContent.replace(/\s+/g, '');
       break; // Preferred — stop immediately
     }
     if (!use && !fallbackCertText && x509?.textContent) {
       fallbackCertText = x509.textContent.replace(/\s+/g, '');
     }
   }
   certText = certText ?? fallbackCertText;

2. 💡 Edge Case: No file size guard on metadata XML upload
   Files: openmetadata-ui/src/main/resources/ui/src/components/SettingsSso/SSOConfigurationForm/SSOConfigurationForm.tsx:257

   The `handleMetadataFileUpload` handler reads the entire file into memory via `FileReader.readAsText()` with no size check. While this is a client-side-only risk (no server upload), an accidentally selected large file could freeze or crash the browser tab. Adding a simple `file.size` guard (e.g., reject files > 1 MB) before reading would be a cheap safeguard.

   Suggested fix:
   const file = event.target.files?.[0];
   if (!file) {
     return;
   }
   const MAX_XML_SIZE = 1 * 1024 * 1024; // 1 MB
   if (file.size > MAX_XML_SIZE) {
     showErrorToast(t('message.file-size-exceeds-limit'));
     return;
   }

3. 💡 Edge Case: Missing FileReader.onerror handler
   Files: openmetadata-ui/src/main/resources/ui/src/components/SettingsSso/SSOConfigurationForm/SSOConfigurationForm.tsx:263

   The `FileReader` has an `onload` callback but no `onerror` handler. If `readAsText` fails (e.g., file becomes unreadable after selection), the error is silently swallowed and the user gets no feedback.

   Suggested fix:
   reader.onerror = () => {
     showErrorToast(t('message.metadata-xml-parse-failed'));
   };

Options

Auto-apply is off → Gitar will not commit updates to this branch.
Display: compact → Showing less information.

Comment with these commands to change:

Auto-apply	Compact
gitar auto-apply:on	gitar display:verbose

_{Was this helpful? React with 👍 / 👎 | Gitar}

[sonarqubecloud]

Quality Gate passed for 'open-metadata-ui'

Issues
8 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

🟡 Playwright Results — all passed (7 flaky)

✅ 1013 passed · ❌ 0 failed · 🟡 7 flaky · ⏭️ 53 skipped

Shard	Passed	Failed	Flaky	Skipped
🟡 Shard 1	425	0	2	2
🟡 Shard 6	133	0	5	0
✅ Shard 7	379	0	0	50
✅ Shard 8	76	0	0	1

🟡 7 flaky test(s) (passed on retry)

• Pages/Customproperties-part1.spec.ts › sqlQuery shows scrollable CodeMirror container and no expand toggle (shard 1, 1 retry)
• Pages/CustomThemeConfig.spec.ts › Update Hover and selected Color (shard 1, 1 retry)
• Pages/Tag.spec.ts › Tag toggle should be disabled when classification is disabled (shard 6, 1 retry)
• Pages/Teams.spec.ts › Add and Remove User for Team (shard 6, 1 retry)
• Pages/Teams.spec.ts › Should not have edit access on team page with no data available (shard 6, 1 retry)
• Pages/Teams.spec.ts › Add New Team in BusinessUnit Team (shard 6, 1 retry)
• Pages/Users.spec.ts › Permissions for table details page for Data Consumer (shard 6, 1 retry)

📦 Download artifacts

How to debug locally

# Download playwright-test-results-<shard> artifact and unzip
npx playwright show-trace path/to/trace.zip    # view trace