6-12 Oracle Fusion Middleware Patching Guide g. Complete the domain extension process. 6. Start the Administration Server. 7. Perform this step only if you want to install Oracle Adaptive Access Manager Offline in your domain. Otherwise, skip this step. a. Run IAM_HOME commonbinwlst.sh on UNIX operating systems or IAM_HOME \common\bin\wlst.cmd on Windows operating systems. b. Connect to the Administration Server using the following command: connect’ weblogic-username ’, ’ weblogic-password ’; c. Run the grantPermission WLSTonline command to create Oracle Adaptive Access Manager Offline Application grant to the out-of-the-box JPS common system-jazn-data.xml, as in the following example: grantPermissioncodeBaseURL=file:{domain.home}servers{weblogic.Name}t mp_WL_useroaam_offline_11.1.1.3.0-, permClass=oracle.security.jps.service.credstore.CredentialAccessPermission , permTarget=context=SYSTEM, mapName=oaam,keyName= ,permActions= Where codeBaseURL= name of the grantee codebase URL. permClass= class name of the permission being granted. permTarget= target part of the permission that is being granted. permActions= permission actions that are being granted. The system-jazn-data.xml file is located in the DOMAIN_ HOME configfmwconfig on UNIX operating systems or DOMAIN_ HOME \config\fmwconfig on Windows operating systems directory. d. Exit WLST. e. From the patched IAM_Home 11.1.1.5.0, run the Oracle Fusion Middleware Configuration Wizard located at IAM_Homecommonbin. f. On the Welcome screen, select the Extend an existing WebLogic domain option. Click Next. The Select a WebLogic Domain Directory screen is displayed. g. On the Select a WebLogic Domain Directory screen, select the domain that contains Oracle Adaptive Access Manager 11.1.1.3.0. Click Next. The Select Extension Source screen is displayed. h. On the Select Extension Source screen, select the Oracle Adaptive Access Manager Offline - 11.1.1.3.0 option. i. Continue by following the on-screen instructions. Complete the domain extension process. The domain with Oracle Adaptive Access Manager is extended to support Oracle Adaptive Access Manager Offline. j. Restart the Administration Server. 8. Undeploy and redeploy the oaam.extensions library through the WebLogic Server Administration Console as follows: a. Log in to the WebLogic Server Administration Console. Patching Oracle Identity and Access Management 6-13 b. Under Domain Structure, click Deployments. The Summary of Deployments page is displayed. c. Select the oracle.oaam.extensions library, and click Delete. d. Deploy the library by clicking Install. The Install Application Assistant page is displayed. e. Select the following application to install: IAM_Home oaamoaam_ extensionsgenericoracle.oaam.extensions.war f. Install this application as a library. g. Select all Managed Servers hosting oaam_admin, oaam_server, and oaam_ offline as the deployment targets for this application. h. For Source Accessibility, select the I will make the deployment accessible from the following location option. This option sets the staging mode to nostage. i. Complete the deployment of the library. 9. Start all Managed Servers hosting oaam_admin, oaam_offline, and oaam_ server. 10. Optional: If you have customized the jazn-data permissions of oaam_admin, you should back up these changes by using the OPSS WLST migrateSecurityStore command. For instructions, see the Migrating with the Script migrateSecurityStore topic in the Oracle Fusion Middleware Application Security Guide. 11. Redeploy oaam_admin, which overwrites the security policies of oaam_admin with the jazn-data.xml that is packaged in the Oracle Identity and Access Management 11.1.1.5.0 oaam_admins ear. To do so, complete the following steps: a. Ensure that the Managed Server hosting oaam_admin is up and running. b. Log in to the WebLogic Server Administration Console. c. Under Domain Structure, click Deployments. The Summary of Deployments page is displayed. d. Select oaam_admin, and click Update. e. Complete the redeployment steps. 12. Optional: If you had customized permissions for oaam_admin before migrating to Oracle Adaptive Access Manager 11.1.1.5.0, you must redo them after migrating to 11.1.1.5.0. You should use the backup that you took in Step 10. You can modify jazn-data.xml and use OPSS WLST commands.

6.5 Updating Oracle Identity Navigator 11.1.1.3.0 to 11.1.1.5.0

To update Oracle Identity Navigator 11.1.1.3.0 to 11.1.1.5.0, complete the following steps: 1. On the machine where Oracle Identity Navigator 11.1.1.3.0 is installed, export the Oracle Identity Navigator metadata to an export directory using WLST as follows: a. Run wlst.sh located at IAM_Homecommonbin. b. Connect to the Administration Server using the following command: