--- title: "Example: Installing and configuring the Policy Editor interactively" description: This tutorial describes how to install an instance of the PingAuthorize Policy Editor interactively. component: pingauthorize version: 10.1 page_id: pingauthorize:installing_and_uninstalling_pingauthorize:paz_install_config_pe canonical_url: https://docs.pingidentity.com/pingauthorize/10.1/installing_and_uninstalling_pingauthorize/paz_install_config_pe.html revdate: July 23, 2025 section_ids: about-this-task: About this task steps: Steps result: Result next-steps: Next steps --- # Example: Installing and configuring the Policy Editor interactively This tutorial describes how to install an instance of the PingAuthorize Policy Editor interactively. ## About this task | | | | - | ---------------------------------------------------------------------------------------------------- | | | These installation instructions are for tutorial purposes. They will only provide a limited install. | ## Steps 1. Extract the contents of the compressed PingAuthorize-PAP distribution file. 2. Change the directory to `PingAuthorize-PAP`. 3. To configure the application, run the `./bin/setup` script. 4. Answer the on-screen questions. For the following questions, use the recommended answers provided. | Question | Answer | | ------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | How would you like to configure the Policy Editor? | Use `Quickstart` to set up a demo server with credentials `admin`/`password123` and to use a self-signed certificate for SSL | | On which port should the Policy Editor listen for HTTPS communications? | You can use any unused port here, but most of the examples in this guide assume that port 9443 is used for the PingAuthorize Policy Editor. | | Enter the fully qualified host name or IP address that users' browsers will use to connect to this GUI | Unless you are testing on `localhost`, ensure that the provided API URL uses the public DNS name of the PingAuthorize Policy Editor server. For example, `pap.example.com`. | 5. Copy and record any generated values needed to configure external servers. The Shared Secret is used in PingAuthorize, under **External Servers → Policy External Server → Shared Secret**. 6. To start the Policy Editor, or policy administration point (PAP), run `bin/start-server`. The Policy Editor runs in the background, so you can close the terminal window in which it was started without interrupting it. ## Result Your demo configuration should resemble the following example. ``` [/opt/{pingauthorize}-PAP]$ bin/setup Please enter the location of a valid {pingauthorize} with Symphonic license file [/opt/{pingauthorize}-PAP/{pingauthorize}.lic]: /opt/{pingauthorize}/{pingauthorize}.lic {pingauthorize} Policy Editor ============================================ How would you like to configure the Policy Editor? 1) Quickstart (DEMO PURPOSES ONLY): This option configures the server with a form based authentication and generates a self-signed server certificate 2) OpenID Connect: This option configures the server to use an OpenID Connect provider such as {pingfed} 3) Cancel the setup Enter option [1]: 1 On which port should the Policy Editor listen for application HTTPS communications? [9443]: 9443 Enter the fully qualified host name or IP address that users' browsers will use to connect to this GUI [centos.localdomain]: pap.examplecom On which port should the Policy Editor listen for administrative HTTPS communications? [9444]: 9444 Would you like to enable periodic policy database backups? (yes / no) [yes]: yes Enter the backup schedule as a cron expression (defaults to daily at midnight): [0 0 0 * * ?]: 0 0 0 * * ? Setup Summary ========================================== Host Name: pap.example.com Server Port: 9443 Secure Access: Self-signed certificate Admin Port: 9444 Periodic Backups: Enabled Backup Schedule: 0 0 0 * * ? Command-line arguments that would set up this server non-interactively: setup demo --hostname pap.example.com --adminPort 9444 --port 9443 --certNickname server-cert \ --licenseKeyFile /opt/{pingauthorize}/{pingauthorize}.lic \ --backupSchedule '0 0 0 * * ?' --pkcs12KeyStorePath config/keystore.p12 \ --generateSelfSignedCertificate What would you like to do? 1) Set up the server with the parameters above 2) Provide the setup parameters again 3) Cancel the setup Enter option [1]: Setup completed successfully Please configure the following values ==================================================================================== {pingauthorize} Server - Policy External Server Base URL: https://pap.example.com:9443 Shared Secret: 7ed6f52d6e71411ca9e58f9567c7de2e Trust Manager Provider: Blind Trust Please start the server by running bin/start-server ``` In this example, the PingAuthorize Policy Editor is now running and listening on port 9443. ## Next steps To sign on to the interface, go to `https://:9443`. The default credentials are `admin` and `password123`. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Use the default user name and password sign on credentials for demo and testing purposes only, such as this initial walk-through. To configure the PingAuthorize Policy Editor for PingFederate OpenID Connect (OIDC) single sign-on (SSO), see [Installing the Policy Editor non-interactively](paz_install_pe_noninteractive.html). |