scripts/tests/test_portal_onboarding_flow.py

@@ -387,9 +387,13 @@ def main() -> int:
     if isinstance(required_actions, list):
         required = {a for a in required_actions if isinstance(a, str)}
 
-    missing = [name for name in ("UPDATE_PASSWORD", "VERIFY_EMAIL", "CONFIGURE_TOTP") if name not in required]
+    missing = [name for name in ("UPDATE_PASSWORD", "VERIFY_EMAIL") if name not in required]
     if missing:
         raise SystemExit(f"Keycloak user missing required actions {missing}: requiredActions={sorted(required)}")
+    if "CONFIGURE_TOTP" in required:
+        raise SystemExit(
+            f"Keycloak user should not require CONFIGURE_TOTP at first login: requiredActions={sorted(required)}"
+        )
 
     print(f"PASS: onboarding provisioning completed for {request_code} ({username})")
     return 0

services/bstein-dev-home/portal-onboarding-e2e-test-job.yaml

@@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: portal-onboarding-e2e-test-10
+  name: portal-onboarding-e2e-test-11
   namespace: bstein-dev-home
 spec:
   backoffLimit: 0