After creating a new auth profile with SAML authentication containing incorrect metadata information, the user may get an error message when trying to log in to the UI



Article ID: 412231


Products

VMware Avi Load Balancer

Issue/Introduction

The user may modify the system settings to add a new remote auth config whose auth mapping profile uses a SAML auth profile. If the SAML auth profile contains incorrect metadata information (for example, an incorrect URL), the user will not be able to log in to the UI. The following error is returned when the user tries to log in to the UI:

{"error": "Failed to parse metadata file: /var/lib/avi/etc/<metadata-file-name.xml>"}

The UI is also redirected to <Controller-IP>/sso/login.

Environment

This is applicable to all environments.

Resolution

If local login is allowed, append the following to the controller URL and log in as admin:
https://<controller-ip>/#!/login?local=1

After logging in, remove the newly added remote auth config that is causing the issue. Debug the metadata information for possible errors, correct it, and then re-add the config.
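
One way to debug the metadata before re-adding it is to check it offline. The following is an added example, not code from this article or from the product. The function name `check_idp_metadata`, the sample documents, and the specific checks (generic SAML 2.0 IdP metadata structure, https endpoints, no DOCTYPE) are assumptions and do not reproduce the controller's own parser.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"   # SAML 2.0 metadata namespace
DS = "{http://www.w3.org/2000/09/xmldsig#}"     # XML-DSig namespace (certificates)

def check_idp_metadata(xml_text):
    """Return a list of problems found in SAML 2.0 IdP metadata (empty list = OK)."""
    if "<!DOCTYPE" in xml_text:
        # Metadata has no need for a DTD; refusing it avoids entity-expansion tricks.
        return ["DOCTYPE present; refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != MD + "EntityDescriptor":
        return [f"unexpected root element {root.tag}; expected md:EntityDescriptor"]
    problems = []
    if not root.get("entityID"):
        problems.append("EntityDescriptor has no entityID")
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        return problems + ["no IDPSSODescriptor (is this SP metadata?)"]
    endpoints = idp.findall(MD + "SingleSignOnService")
    if not endpoints:
        problems.append("no SingleSignOnService endpoint")
    for svc in endpoints:
        loc = svc.get("Location", "")
        url = urlparse(loc)
        if url.scheme != "https" or not url.netloc:   # assumption: IdP endpoints use https
            problems.append(f"SingleSignOnService Location is not an https URL: {loc!r}")
    certs = idp.findall(".//" + DS + "X509Certificate")
    if not any((c.text or "").strip() for c in certs):
        problems.append("no signing certificate (ds:X509Certificate)")
    return problems

# Constructed sample metadata (placeholder IdP host and certificate body).
GOOD = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.com/metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>CONSTRUCTED-PLACEHOLDER</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.com/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
BAD_URL = GOOD.replace('Location="https://', 'Location="htps:/')   # typo in the SSO URL
TRUNCATED = GOOD[:200]                                             # incomplete download or paste

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("bad_url", BAD_URL), ("truncated", TRUNCATED)]:
        print(name, check_idp_metadata(doc) or "OK")
```

To check a real file, read the XML exported from the identity provider into a string and pass it to `check_idp_metadata` before pasting it into the SAML auth profile.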

Additional Information

This information is also mentioned in the documentation page.