Patching Oracle Identity and Access Management 6-13 b. Under Domain Structure, click Deployments. The Summary of Deployments page is displayed. c. Select the oracle.oaam.extensions library, and click Delete. d. Deploy the library by clicking Install. The Install Application Assistant page is displayed. e. Select the following application to install: IAM_Home oaamoaam_ extensionsgenericoracle.oaam.extensions.war f. Install this application as a library. g. Select all Managed Servers hosting oaam_admin, oaam_server, and oaam_ offline as the deployment targets for this application. h. For Source Accessibility, select the I will make the deployment accessible from the following location option. This option sets the staging mode to nostage. i. Complete the deployment of the library. 9. Start all Managed Servers hosting oaam_admin, oaam_offline, and oaam_ server. 10. Optional: If you have customized the jazn-data permissions of oaam_admin, you should back up these changes by using the OPSS WLST migrateSecurityStore command. For instructions, see the Migrating with the Script migrateSecurityStore topic in the Oracle Fusion Middleware Application Security Guide. 11. Redeploy oaam_admin, which overwrites the security policies of oaam_admin with the jazn-data.xml that is packaged in the Oracle Identity and Access Management 11.1.1.5.0 oaam_admins ear. To do so, complete the following steps: a. Ensure that the Managed Server hosting oaam_admin is up and running. b. Log in to the WebLogic Server Administration Console. c. Under Domain Structure, click Deployments. The Summary of Deployments page is displayed. d. Select oaam_admin, and click Update. e. Complete the redeployment steps. 12. Optional: If you had customized permissions for oaam_admin before migrating to Oracle Adaptive Access Manager 11.1.1.5.0, you must redo them after migrating to 11.1.1.5.0. You should use the backup that you took in Step 10. You can modify jazn-data.xml and use OPSS WLST commands.

6.5 Updating Oracle Identity Navigator 11.1.1.3.0 to 11.1.1.5.0

To update Oracle Identity Navigator 11.1.1.3.0 to 11.1.1.5.0, complete the following steps: 1. On the machine where Oracle Identity Navigator 11.1.1.3.0 is installed, export the Oracle Identity Navigator metadata to an export directory using WLST as follows: a. Run wlst.sh located at IAM_Homecommonbin. b. Connect to the Administration Server using the following command: 6-14 Oracle Fusion Middleware Patching Guide connectweblogic-username, weblogic-password; c. Run the following WLST online command: exportMetadataapplication=oinav,server=AdminServer,to Location=export_directory export_directory is the directory where you want to export Oracle Identity Navigator metadata to. 2. Stop the WebLogic Administration Server the Administration Server for the domain where Oracle Identity Manager is installed and configured and the Oracle Identity Navigator Managed Server. 3. Run the WebLogic Server Upgrade Installer to patch your WebLogic Server installation to the latest version 10.3.5, as described in Patching Oracle WebLogic Server 10.3.3. to 10.3.5 . 4. Run the Oracle Identity and Access Management 11g Release 1 11.1.1.5.0 Patch Set Installer to patch your existing Oracle Identity and Access Management 11.1.1.3.0 installation IAM_Home to Oracle Identity and Access Management 11.1.1.5.0, as described in Patching Oracle Identity and Access Management 11.1.1.3.0 to 11.1.1.5.0 . 5. After the patching is complete, start the WebLogic Administration Server the Administration Server for the domain that contains Oracle Identity Navigator. 6. Log in to the WebLogic Server Administration Console. 7. Under Domain Structure, click Deployments. The Summary of Deployments page is displayed. 8. Select oinav, and click Update. Alternatively, you can use the redeployoinav11.1.1.3.0 WLST command to update the Oracle Identity Navigator application. Exit the WebLogic Server Administration Console. 9. Import Oracle Identity Navigator metadata by running the following WLST command: importMetadataapplication=oinav,server=AdminServer,fromL ocation=export_directory export_directory is the directory where you previously exported Oracle Identity Navigator metadata to.

6.6 Patching Oracle Identity and Access Management in a Clustered Environment

This section describes how to patch your existing Oracle Identity and Access Management 11.1.1.3.0 installation in a clustered environment to 11.1.1.5.0. The procedures in this section are based on a two node cluster as described below: ■ Node 1: Administration Server, OIM Managed Server, SOA Managed Server ■ Node 2: OIM Managed Server, SOA Managed Server Any additional nodes in your cluster should be patched using the instructions in Section 6.6.2, Upgrading Node 2 . ■ If Node 1 and Node 2 do not share a disk, then the directory structure for each node’s Middleware home, Oracle home, and Domain home are identical. Patching Oracle Identity and Access Management 6-15 For more information about deploying Oracle Identity Management in an enterprise environment, refer to the Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management.

6.6.1 Upgrading Node 1

To upgrade Node 1 in the cluster, follow the instructions in Section 6.2, Updating Oracle Identity Manager 11.1.1.3.0 to 11.1.1.5.0 .

6.6.2 Upgrading Node 2

To upgrade Node 2 in the cluster, follow the instructions below: 1. Back up the Oracle Identity Manager 11.1.1.3.0 domain, and your Oracle Identity Manager and Oracle SOA Suite binaries. 2. Shut down all Managed Servers for Oracle Identity Manager and Oracle SOA Suite that are running in the domain. 3. If your Oracle WebLogic Server, Oracle Identity Management, and Oracle SOA Suite binaries are NOT at a shared location, perform the following steps. Otherwise, skip to Step 4. a. Patch Oracle WebLogic Server as described in Section 6.1.4, Patching Oracle WebLogic Server 10.3.3. to 10.3.5 . b. Update your Oracle SOA Suite software as described in Section 6.1.5, Patching Oracle SOA Suite 11.1.1.3.0 to 11.1.1.5.0 Oracle Identity Manager Users Only . c. Update your Oracle Identity and Access Management software as described in Section 6.1.6, Patching Oracle Identity and Access Management 11.1.1.3.0 to 11.1.1.5.0 . 4. Run the following command to pack your domain on Node 1: On UNIX operating systems: cd MW_HOME oracle_commoncommonbin .pack.sh -domain= OIM_Domain_Home -template= Domain_Configuration_Jar_ Destination -template_name= template_nanme -managed=true On Windows operating systems: cd MW_HOME \oracle_common\common\bin pack.cmd -domain= OIM_Domain_Home -template= Domain_Configuration_Jar_Destination -template_name= template_nanme -managed=true Replace OIM_Domain_Home with the full path to your OIM domain, Domain_ Configuration_Jar_Destination with the full path to the location where you want to create your domain configuration .jar file, and template_name with the name of this domain configuration template. Below is an example on UNIX operating systems: .pack.sh -domain=homeOracleDomains11.1.1.3.0_OIMDomain -template=homeOracleData -template_name=OIM Domain -managed=true On Windows operating systems: pack.cmd -domain=D:\Oracle\Domains\11.1.1.3.0_OIMDomain -template=D:\Oracle\Data -template_name=OIM Domain -managed=true