chore(sso-ui): integrate Test Login + align fields with proposal

- Wire SSO Test Login to PR #27336's backend: TestLoginButton
  (OIDC/SAML hidden-form-POST popup + LDAP credential modal) and a
  ClaimSelector modal that auto-populates adminPrincipal (email
  local-part) and principalDomain from the chosen email claim. Drop the
  old broken call to /security/config/test.
- Make oidcConfiguration.secret optional with a recommended hint;
  auto-derive clientType from secret presence; hide the manual radio.
- Drop adminPrincipals + principalDomain from authorizerConfiguration
  required[] so initial save isn't blocked. Hide them during the
  new-config flow; keep main tier so they surface once Test Login fills.
- Strip oidcConfiguration from the schema for SAML/LDAP to stop RJSF
  materializing defaults inside a hidden subtree.
- Hide root-level OIDC mirrors and tenant per the field-layout
  proposal; surface preferredJwsAlgorithm in advanced; remove in-form
  callbackUrl (the read-only display beside the form is the source).
- Fix TestLoginButton formData prop shape so SAML/LDAP click paths
  route correctly; vertically center action-bar buttons.
- Sync 19 new i18n keys across the 17 locales.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: 2 people

openmetadata-spec/src/main/resources/json/schema/configuration/authorizerConfiguration.json

@@ -89,6 +89,6 @@
       "type": "string"
     }
   },
-  "required": ["className", "containerRequestFilter", "adminPrincipals", "principalDomain", "enforcePrincipalDomain", "enableSecureSocketConnection"],
+  "required": ["className", "containerRequestFilter", "enforcePrincipalDomain", "enableSecureSocketConnection"],
   "additionalProperties": false
 }

openmetadata-spec/src/main/resources/json/schema/security/client/oidcClientConfig.json

@@ -98,6 +98,6 @@
       "default": "604800"
     }
   },
-  "required": ["id", "secret", "discoveryUri", "tenant"],
+  "required": ["id", "discoveryUri", "tenant"],
   "additionalProperties": false
 }

openmetadata-ui/src/main/resources/ui/src/components/SettingsSso/SSOConfigurationForm/SSOConfigurationForm.test.tsx

@@ -34,7 +34,6 @@ import {
   patchSecurityConfiguration,
   SecurityConfiguration,
   SecurityValidationResponse,
-  testSecurityConfiguration,
   validateSecurityConfiguration,
 } from '../../../rest/securityConfigAPI';
 import { getAuthConfig } from '../../../utils/AuthProvider.util';
@@ -107,6 +106,52 @@ jest.mock('@openmetadata/ui-core-components', () => ({
     </button>
   ),
   FileTrigger: ({ children }: { children: React.ReactNode }) => <>{children}</>,
+  Input: ({
+    label,
+    value,
+    onChange,
+    ...rest
+  }: {
+    label?: string;
+    value?: string;
+    onChange?: (value: string) => void;
+  } & Record<string, unknown>) => (
+    <label>
+      {label}
+      <input
+        value={value ?? ''}
+        {...rest}
+        onChange={(event) => onChange?.(event.target.value)}
+      />
+    </label>
+  ),
+  ModalOverlay: ({
+    children,
+    isOpen,
+  }: {
+    children: React.ReactNode;
+    isOpen?: boolean;
+  }) => (isOpen ? <div data-testid="modal-overlay">{children}</div> : null),
+  Modal: ({ children }: { children: React.ReactNode }) => <div>{children}</div>,
+  Dialog: Object.assign(
+    ({
+      children,
+      title,
+      ...rest
+    }: React.PropsWithChildren<Record<string, unknown>> & {
+      title?: string;
+    }) => (
+      <div role="dialog" {...rest}>
+        {title && <h3>{title}</h3>}
+        {children}
+      </div>
+    ),
+    {
+      Header: ({ children }: { children: React.ReactNode }) => <>{children}</>,
+      Content: ({ children }: { children: React.ReactNode }) => <>{children}</>,
+      Footer: ({ children }: { children: React.ReactNode }) => <>{children}</>,
+    }
+  ),
 }));
 
 // Mock SSOUtils - use actual implementations where needed
@@ -266,11 +311,6 @@ const mockGetSecurityConfiguration =
   getSecurityConfiguration as jest.MockedFunction<
     typeof getSecurityConfiguration
   >;
-const mockTestSecurityConfiguration =
-  testSecurityConfiguration as jest.MockedFunction<
-    typeof testSecurityConfiguration
-  >;
-
 const mockFetchAuthenticationConfig =
   fetchAuthenticationConfig as jest.MockedFunction<
     typeof fetchAuthenticationConfig
@@ -2158,33 +2198,7 @@ describe('SSOConfigurationForm', () => {
       });
     });
 
-    it('should auto-fill adminPrincipals and principalDomain on success', async () => {
-      mockTestSecurityConfiguration.mockResolvedValue(
-        createAxiosResponse({
-          component: 'authentication',
-          status: VALIDATION_STATUS.SUCCESS,
-        })
-      );
-
-      renderComponent({ selectedProvider: AuthProvider.Google });
-
-      await waitFor(() => {
-        expect(screen.getByTestId('test-login-button')).toBeInTheDocument();
-      });
-
-      fireEvent.click(screen.getByTestId('test-login-button'));
-
-      await waitFor(() => {
-        expect(mockTestSecurityConfiguration).toHaveBeenCalled();
-      });
-    });
-
-    it('should show error toast when test login fails', async () => {
-      const axiosError = {
-        response: { data: { errors: [] } },
-      } as unknown as AxiosError;
-      mockTestSecurityConfiguration.mockRejectedValue(axiosError);
-
+    it('should show error toast when required OIDC fields are missing', async () => {
       renderComponent({ selectedProvider: AuthProvider.Google });
 
       await waitFor(() => {
@@ -2194,7 +2208,6 @@ describe('SSOConfigurationForm', () => {
       fireEvent.click(screen.getByTestId('test-login-button'));
 
       await waitFor(() => {
-        expect(mockTestSecurityConfiguration).toHaveBeenCalled();
         expect(mockShowErrorToast).toHaveBeenCalled();
       });
     });