test(playwright): add nightly SAML session renewal coverage

[siddhant1]

Summary

• Adds an end-to-end Playwright spec that exercises OM's JWT refresh behavior for SAML sessions against the local Keycloak fixture, giving the nightly suite first-class coverage of silent refresh, concurrent-401 queuing, and forced re-login on server-side HttpSession loss.
• Reuses the snapshot/restore mechanism and keycloak-azure-saml provider helper introduced in test(playwright): add nightly SSO login spec starting #27164, and tightens samlConfiguration.security.tokenValidity to 10s so the suite observes multiple expiry cycles in under 60s.
• Wires the new spec into playwright-sso-login-nightly.yml so the renewal scenarios run on the nightly cadence alongside the existing SSO login spec.

Test plan

• Run locally: cd openmetadata-ui/src/main/resources/ui && yarn playwright:run playwright/e2e/Auth/SSORenewal.spec.ts
• Confirm silent-refresh case completes without a visible re-login
• Confirm concurrent 401s coalesce into a single refresh call (network log)
• Confirm forced re-login fires when the server-side SAML HttpSession is invalidated
• Verify the nightly workflow picks up the new spec on the next scheduled run

🤖 Generated with Claude Code

[github-actions]

Hi there 👋 Thanks for your contribution!

The OpenMetadata team will review the PR shortly! Once it has been labeled as safe to test, the CI workflows
will start executing and we'll be able to make sure everything is working as expected.

Let us know if you need any help!

[Copilot]

Pull request overview

Adds a new Playwright nightly E2E spec to validate SAML session renewal behavior (silent JWT refresh, concurrent-401 coalescing, and forced re-login on server-side session loss) against the local Keycloak SAML fixture, and wires it into the existing nightly SSO workflow.

Changes:

• Introduces SSORenewal.spec.ts covering access-token refresh, refresh de-duplication, and session-loss relogin.
• Adds reusable helpers in playwright/utils/sessionRenewal.ts (TTL override, JWT exp decode, expiry wait, cookie clearing).
• Updates Playwright config + nightly workflow to include the new spec in the sso-auth nightly run.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File	Description
openmetadata-ui/src/main/resources/ui/playwright/utils/sessionRenewal.ts	Adds helpers to shorten SAML token validity and drive renewal-related assertions.
openmetadata-ui/src/main/resources/ui/playwright/e2e/Auth/SSORenewal.spec.ts	New nightly E2E coverage for SAML JWT refresh + forced relogin scenarios.
openmetadata-ui/src/main/resources/ui/playwright.config.ts	Includes the new spec in the sso-auth project and excludes it from default runs.
.github/workflows/playwright-sso-login-nightly.yml	Executes the new renewal spec alongside the existing SSO login spec on the nightly workflow.

[gitar-bot]

Code Review ✅ Approved

Adds Playwright coverage for nightly SAML session renewal. No issues found.

Options

Display: compact → Showing less information.

Comment with these commands to change:

Compact

gitar display:verbose

_{Was this helpful? React with 👍 / 👎 | Gitar}

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.

[github-actions]

Jest test Coverage

UI tests summary

Lines	Statements	Branches	Functions
	61.98% (60308/97295)	42% (31620/75280)	44.99% (9492/21094)

[sonarqubecloud]

Quality Gate passed for 'open-metadata-ui'

Issues
993 New issues
0 Accepted issues

Measures
15 Security Hotspots
0.0% Coverage on New Code
3.8% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

🟡 Playwright Results — all passed (18 flaky)

✅ 3693 passed · ❌ 0 failed · 🟡 18 flaky · ⏭️ 89 skipped

Shard	Passed	Failed	Flaky	Skipped
🟡 Shard 1	480	0	1	4
🟡 Shard 2	654	0	2	7
🟡 Shard 3	662	0	4	1
🟡 Shard 4	646	0	2	27
🟡 Shard 5	610	0	1	42
🟡 Shard 6	641	0	8	8

🟡 18 flaky test(s) (passed on retry)

• Pages/AuditLogs.spec.ts › should apply both User and EntityType filters simultaneously (shard 1, 1 retry)
• Features/BulkEditEntity.spec.ts › Glossary (shard 2, 1 retry)
• Features/ColumnBulkOperations.spec.ts › should search columns with server-side API call (shard 2, 1 retry)
• Features/LandingPageWidgets/DomainWidgetFilter.spec.ts › Setup Domains widget on landing page (shard 3, 1 retry)
• Features/RTL.spec.ts › Verify Following widget functionality (shard 3, 1 retry)
• Features/TestSuitePipelineRedeploy.spec.ts › Re-deploy all test-suite ingestion pipelines (shard 3, 1 retry)
• Flow/PersonaDeletionUserProfile.spec.ts › User profile loads correctly before and after persona deletion (shard 3, 1 retry)
• Pages/Customproperties-part2.spec.ts › entityReferenceList shows item count, scrollable list, no expand toggle (shard 4, 1 retry)
• Pages/DataContracts.spec.ts › Create Data Contract and validate for Table (shard 4, 1 retry)
• Pages/Glossary.spec.ts › Add and Remove Assets (shard 5, 1 retry)
• Pages/Glossary.spec.ts › Glossary Term Update in Glossary Page should persist tree (shard 6, 1 retry)
• Pages/GlossaryImportExport.spec.ts › Check for Circular Reference in Glossary Import (shard 6, 1 retry)
• Pages/Lineage/DataAssetLineage.spec.ts › verify create lineage for entity - Dashboard (shard 6, 1 retry)
• Pages/Lineage/DataAssetLineage.spec.ts › verify create lineage for entity - Stored Procedure (shard 6, 1 retry)
• Pages/Lineage/LineageFilters.spec.ts › Verify lineage schema filter selection (shard 6, 1 retry)
• Pages/Lineage/LineageRightPanel.spec.ts › Verify custom properties tab IS visible for supported type: searchIndex (shard 6, 1 retry)
• Pages/ServiceListing.spec.ts › should render the service listing page (shard 6, 1 retry)
• Pages/Users.spec.ts › Permissions for table details page for Data Consumer (shard 6, 1 retry)

📦 Download artifacts

How to debug locally

# Download playwright-test-results-<shard> artifact and unzip
npx playwright show-trace path/to/trace.zip    # view trace