eclipse-kura
diff --git a/‎kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/identity/IdentityService.java‎
Lines changed: 103 additions & 67 deletions b/‎kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/identity/IdentityService.java‎
Lines changed: 103 additions & 67 deletions
diff --git a/‎kura/org.eclipse.kura.container.provider/src/main/java/org/eclipse/kura/container/provider/ContainerInstance.java‎
Lines changed: 2 additions & 1 deletion b/‎kura/org.eclipse.kura.container.provider/src/main/java/org/eclipse/kura/container/provider/ContainerInstance.java‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎kura/org.eclipse.kura.core.identity/src/main/java/org/eclipse/kura/core/identity/IdentityServiceImpl.java‎
Lines changed: 17 additions & 11 deletions b/‎kura/org.eclipse.kura.core.identity/src/main/java/org/eclipse/kura/core/identity/IdentityServiceImpl.java‎
Lines changed: 17 additions & 11 deletions
diff --git a/‎kura/org.eclipse.kura.rest.identity.provider/src/main/java/org/eclipse/kura/internal/rest/identity/provider/IdentityRestServiceV2.java‎
Lines changed: 5 additions & 2 deletions b/‎kura/org.eclipse.kura.rest.identity.provider/src/main/java/org/eclipse/kura/internal/rest/identity/provider/IdentityRestServiceV2.java‎
Lines changed: 5 additions & 2 deletions
@@ -34,76 +34,101 @@ public interface IdentityService {
     /**
      * Creates a new identity with the given name.
      * 
-     * @param identityName the name of the identity to be created.
+     * @param identityName
+     *            the name of the identity to be created.
      * @return {@code true} if the identity with the given name has been created as
      *         part of the method call or {@code false} if the identity already
-     *         exist.
-     * @throws KuraException if a failure occurs in creating the identity.
+     *         exists.
+     * @throws KuraException
+     *             if a failure occurs in creating the identity.
      */
     public boolean createIdentity(final String identityName) throws KuraException;
 
+    /**
+     * Creates a new identity using the provided configuration.
+     * 
+     * @param identityConfiguration
+     *            the identity configuration including identity
+     *            name and optional configuration components.
+     * @return {@code true} if the identity with the given name has been created as
+     *         part of the method call or {@code false} if the identity already
+     *         exists.
+     * @throws KuraException
+     *             if a failure occurs in creating the identity.
+     * @since 2.8.0
+     */
+    public boolean createIdentity(final IdentityConfiguration identityConfiguration) throws KuraException;
+
     /**
      * Deletes the identity with the given name, including temporary identities.
      * 
-     * @param identityName the name of the identity to be deleted.
+     * @param identityName
+     *            the name of the identity to be deleted.
      * @return {@code true} if the identity with the given name has been deleted as
      *         part of the method call or {@code false} if the identity does not
      *         exist.
-     * @throws KuraException if a failure occurs in deleting the identity.
+     * @throws KuraException
+     *             if a failure occurs in deleting the identity.
      */
     public boolean deleteIdentity(final String identityName) throws KuraException;
 
     /**
      * Returns the configuration of all existing identities.
      * 
-     * @param componentsToReturn the set of {@link IdentityConfigurationComponent}
-     *                           types to be returned. If the set is empty a
-     *                           {@link IdentityConfiguration} will be returned for
-     *                           each defined identity with an empty component list.
-     *                           This can be used to get the name for all defined
-     *                           identities.
+     * @param componentsToReturn
+     *            the set of {@link IdentityConfigurationComponent}
+     *            types to be returned. If the set is empty a
+     *            {@link IdentityConfiguration} will be returned for
+     *            each defined identity with an empty component list.
+     *            This can be used to get the name for all defined
+     *            identities.
      * 
      * @return the list of {@link IdentityConfiguration}s. An empty list will be
      *         returned if no identities are defined.
-     * @throws KuraException if a failure occurs in retrieving identity
-     *                       configurations.
+     * @throws KuraException
+     *             if a failure occurs in retrieving identity
+     *             configurations.
      */
     public List<IdentityConfiguration> getIdentitiesConfiguration(
-            Set<Class<? extends IdentityConfigurationComponent>> componentsToReturn)
-            throws KuraException;
+            Set<Class<? extends IdentityConfigurationComponent>> componentsToReturn) throws KuraException;
 
     /**
      * Returns the configuration of the identity with the given name.
      * 
-     * @param identityName       the identity name.
-     * @param componentsToReturn the set of {@link IdentityConfigurationComponent}
-     *                           types to be returned.
+     * @param identityName
+     *            the identity name.
+     * @param componentsToReturn
+     *            the set of {@link IdentityConfigurationComponent}
+     *            types to be returned.
      * @return the configuration of the requested identity or an empty optional if
      *         the identity does not exist.
-     * @throws KuraException if a failure occurs in retrieving identity
-     *                       configuration.
+     * @throws KuraException
+     *             if a failure occurs in retrieving identity
+     *             configuration.
      */
     public Optional<IdentityConfiguration> getIdentityConfiguration(final String identityName,
-            Set<Class<? extends IdentityConfigurationComponent>> componentsToReturn)
-            throws KuraException;
+            Set<Class<? extends IdentityConfigurationComponent>> componentsToReturn) throws KuraException;
 
     /**
      * Returns the default configuration for the identity with the given name, this
      * method should succeed even if the identity does not exist. The result should
      * be the same configuration returned by the
-     * {@link IdentityService#getIdentityConfiguration(String, List)}
+     * {@link IdentityService#getIdentityConfiguration(String, Set)}
      * method for an identity that has just been created with the
      * {@link IdentityService#createIdentity(String)} method.
      * 
      * This method can be useful for example to allow a user interface to show the
      * initial identity configuration to the user before creating it.
      *
-     * @param identityName       the identity name.
-     * @param componentsToReturn the set of {@link IdentityConfigurationComponent}
-     *                           types to be returned.
+     * @param identityName
+     *            the identity name.
+     * @param componentsToReturn
+     *            the set of {@link IdentityConfigurationComponent}
+     *            types to be returned.
      * @return the default configuration for the requested identity
-     * @throws KuraException if a failure occurs in retrieving identity
-     *                       configuration.
+     * @throws KuraException
+     *             if a failure occurs in retrieving identity
+     *             configuration.
      */
     public IdentityConfiguration getIdentityDefaultConfiguration(final String identityName,
             Set<Class<? extends IdentityConfigurationComponent>> componentsToReturn) throws KuraException;
@@ -112,48 +137,54 @@ public IdentityConfiguration getIdentityDefaultConfiguration(final String identi
      * Validates the provided identity configuration without performing any
      * change to the system.
      * 
-     * @param identityConfiguration the identity configuration that should be
-     *                              validated.
-     * @throws KuraException if the provided identity configuration is not
-     *                       valid.
+     * @param identityConfiguration
+     *            the identity configuration that should be
+     *            validated.
+     * @throws KuraException
+     *             if the provided identity configuration is not
+     *             valid.
      */
-    public void validateIdentityConfiguration(final IdentityConfiguration identityConfiguration)
-            throws KuraException;
+    public void validateIdentityConfiguration(final IdentityConfiguration identityConfiguration) throws KuraException;
 
     /**
      * Updates the configuration of the given identity for the provided
      * {@link IdentityConfigurationComponent} types.
      * The configuration of the identities or identity
      * components that have not been provided will not be modified.
      * 
-     * @param identityConfiguration the identity configuration that should be
-     *                              updated.
-     * @throws KuraException if a failure occurs updating identity
-     *                       configuration.
+     * @param identityConfiguration
+     *            the identity configuration that should be
+     *            updated.
+     * @throws KuraException
+     *             if a failure occurs updating identity
+     *             configuration.
      */
-    public void updateIdentityConfiguration(final IdentityConfiguration identityConfiguration)
-            throws KuraException;
+    public void updateIdentityConfiguration(final IdentityConfiguration identityConfiguration) throws KuraException;
 
     /**
      * Defines a new permission.
      * 
-     * @param permission the permission to be created.
+     * @param permission
+     *            the permission to be created.
      * @return {@code true} if the permission has been created as
      *         part of the method call or {@code false} if the permission already
      *         exist.
-     * @throws KuraException if a failure occurs creating the permission.
+     * @throws KuraException
+     *             if a failure occurs creating the permission.
      */
     public boolean createPermission(final Permission permission) throws KuraException;
 
     /**
      * Removes an existing permission. The permission will also be removed from all
      * identities assigned to it.
      * 
-     * @param permission the permission to be deleted.
+     * @param permission
+     *            the permission to be deleted.
      * @return {@code true} if the permission has been deleted as
      *         part of the method call or {@code false} if the permission does not
      *         exist.
-     * @throws KuraException if a failure occurs deleting the permission.
+     * @throws KuraException
+     *             if a failure occurs deleting the permission.
      */
     public boolean deletePermission(final Permission permission) throws KuraException;
 
@@ -163,17 +194,20 @@ public void updateIdentityConfiguration(final IdentityConfiguration identityConf
      * 
      * @return the set of permissions that are currently defined within the
      *         framework.
-     * @throws KuraException if a failure occurs retrieving the permission set.
+     * @throws KuraException
+     *             if a failure occurs retrieving the permission set.
      */
     public Set<Permission> getPermissions() throws KuraException;
 
     /**
      * Computes a {@link PasswordHash} for the given plaintext password. The
      * password array will be overwritten at the end of the operation.
      * 
-     * @param password the plaintext password.
+     * @param password
+     *            the plaintext password.
      * @return the computed password hash.
-     * @throws KuraException if a failure occurs computing the password hash
+     * @throws KuraException
+     *             if a failure occurs computing the password hash
      */
     public PasswordHash computePasswordHash(final char[] password) throws KuraException;
 
@@ -183,9 +217,10 @@ public void updateIdentityConfiguration(final IdentityConfiguration identityConf
      * 
      * @param identityName
      * @param password
-     * @throws KuraException if the passwords do not match of if a failure occurs
-     *                       while
-     *                       performing the check.
+     * @throws KuraException
+     *             if the passwords do not match of if a failure occurs
+     *             while
+     *             performing the check.
      */
     public void checkPassword(final String identityName, final char[] password) throws KuraException;
 
@@ -195,30 +230,31 @@ public void updateIdentityConfiguration(final IdentityConfiguration identityConf
      *
      * @param identityName
      * @param permission
-     * @throws KuraException if the provided permissio is not currently assigned to
-     *                       the given identity or if occurs while performing the
-     *                       check.
+     * @throws KuraException
+     *             if the provided permissio is not currently assigned to
+     *             the given identity or if occurs while performing the
+     *             check.
      *
      */
     public void checkPermission(final String identityName, final Permission permission) throws KuraException;
 
     /**
-     * Creates a temporary identity that is not persisted and has automatic expiration.
-     * Temporary identities behave like regular identities but are stored in-memory only
-     * and will be automatically removed after the specified lifetime period.
-     * The identity name is extracted from {@link IdentityConfiguration#getName()}.
-     * If a {@link PasswordConfiguration} with a new password is provided, the password
-     * will be validated and hashed before storage.
+     * Creates a temporary identity that is not persisted and has automatic
+     * expiration. Temporary identities behave like regular identities but are
+     * stored in-memory only and are automatically removed after the specified
+     * lifetime period.
      *
-     * @param configuration the identity configuration including the identity name, passwords,
-     *                      certificates, tokens, permissions, etc.
-     * @param lifetime the duration before automatic expiration. The identity will be automatically
-     *                 removed after this period.
-     * @throws KuraException if a failure occurs in creating the temporary identity or if an identity
-     *                       with the given name already exists (either regular or temporary).
+     * @param identityName
+     *            the name of the temporary identity to create.
+     * @param lifetime
+     *            the duration before automatic expiration. The identity
+     *            will be automatically removed after this period.
+     * @throws KuraException
+     *             if a failure occurs in creating the temporary identity
+     *             or if an identity with the given name already exists
+     *             (either regular or temporary).
      * @since 2.8.0
      */
-    public void createTemporaryIdentity(final IdentityConfiguration configuration,
-            final Duration lifetime) throws KuraException;
+    public void createTemporaryIdentity(final String identityName, final Duration lifetime) throws KuraException;
 
 }
@@ -452,7 +452,8 @@ private String createTemporaryIdentityWithValidName(final ContainerInstanceOptio
                     final IdentityConfiguration configuration = new IdentityConfiguration(candidateName,
                             Arrays.asList(passwordConfiguration, assignedPermissions));
 
-                    ContainerInstance.this.identityService.createTemporaryIdentity(configuration, Duration.ofDays(365));
+                    ContainerInstance.this.identityService.createTemporaryIdentity(candidateName, Duration.ofDays(365));
+                    ContainerInstance.this.identityService.updateIdentityConfiguration(configuration);
                     return candidateName;
 
                 } catch (final KuraException e) {
 
@@ -120,14 +120,26 @@ public void deactivate() {
 
     @Override
     public synchronized boolean createIdentity(final String name) throws KuraException {
-        if (this.userAdminHelper.getUser(name).isPresent()) {
+        return createIdentity(new IdentityConfiguration(name, Collections.emptyList()));
+    }
+
+    @Override
+    public synchronized boolean createIdentity(final IdentityConfiguration configuration) throws KuraException {
+        final String name = configuration.getName();
+
+        if (this.temporaryIdentityStore.exists(name) || this.userAdminHelper.getUser(name).isPresent()) {
             return false;
         }
 
         audit(() -> {
             ValidationUtil.validateNewIdentityName(name);
 
             this.userAdminHelper.createUser(name);
+
+            if (!configuration.getComponents().isEmpty()) {
+                validateIdentityConfiguration(configuration);
+                this.userAdminIdentityStore.updateIdentityConfiguration(configuration);
+            }
         }, "Create identity " + name);
 
         return true;
@@ -394,13 +406,9 @@ private void validateAdditionalConfigurations(final IdentityConfiguration identi
         }
     }
 
-    // New unified temporary identity methods (IdentityService interface)
-
     @Override
-    public synchronized void createTemporaryIdentity(IdentityConfiguration configuration,
-            Duration lifetime) throws KuraException {
-
-        final String identityName = configuration.getName();
+    public synchronized void createTemporaryIdentity(final String identityName, final Duration lifetime)
+            throws KuraException {
 
         // Check if identity already exists (temporary or regular)
         if (this.temporaryStore.exists(identityName)) {
@@ -420,10 +428,8 @@ public synchronized void createTemporaryIdentity(IdentityConfiguration configura
                         "Temporary identity lifetime must be positive");
             }
 
-            validateIdentityConfiguration(configuration);
-
-            // Process the configuration to hash passwords before storage
-            this.temporaryIdentityStore.createIdentity(configuration, lifetime);
+            this.temporaryIdentityStore.createIdentity(new IdentityConfiguration(identityName, Collections.emptyList()),
+                    lifetime);
 
         }, "Create temporary identity " + identityName);
     }
 
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2024, 2025 Eurotech and/or its affiliates and others
+ * Copyright (c) 2024, 2026 Eurotech and/or its affiliates and others
  *
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
@@ -10,6 +10,8 @@
  * Contributors:
  *  Eurotech
  *******************************************************************************/
+// Content with portions generated by generative AI platform
+
 package org.eclipse.kura.internal.rest.identity.provider;
 
 import java.util.Arrays;
@@ -127,7 +129,8 @@ public Response createIdentity(final IdentityDTO identity) {
 
             StringUtils.validateField(NAME_REQUEST_FIELD, identity.getName());
 
-            boolean created = this.identityService.createIdentity(identity.getName());
+            boolean created = this.identityService
+                    .createIdentity(new IdentityConfiguration(identity.getName(), List.of()));
             if (!created) {
                 throw DefaultExceptionHandler.buildWebApplicationException(Status.CONFLICT, "Identity already exists");
             }