--- title: Installing the Policy Editor interactively description: You can run the Policy Editor setup command interactively in command-line interface (CLI) install mode. component: pingauthorize version: 11.0 page_id: pingauthorize:installing_and_uninstalling_pingauthorize:paz_install_pe_interactive canonical_url: https://docs.pingidentity.com/pingauthorize/11.0/installing_and_uninstalling_pingauthorize/paz_install_pe_interactive.html revdate: April 28, 2025 section_ids: before-you-begin: Before you begin steps: Steps choose-from: Choose from: example: Example next-steps: Next steps install_pe_interactive: "Example: Installing and configuring the Policy Editor interactively" about-this-task: About this task steps-2: Steps result: Result next-steps-2: Next steps --- # Installing the Policy Editor interactively You can run the Policy Editor `setup` command interactively in command-line interface (CLI) install mode. The `setup` tool prompts you interactively for the information that it needs. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | You cannot configure some setup options when installing the Policy Editor interactively, such as PostgreSQL database configuration. Learn more in [Installing the Policy Editor non-interactively](paz_install_pe_noninteractive.html). | ## Before you begin You must have the following information: * The location of a valid license file * An available port for the Policy Editor to accept HTTPS requests ## Steps 1. Choose the authentication mode for the Policy Editor: ### Choose from: * **Demo mode**: Configures the Policy Editor to use form-based authentication with a fixed set of credentials. Unlike OpenID Connect (OIDC) mode, this mode doesn't require an external authentication server. However, it is inherently insecure and should only be used for demonstration purposes. * **OIDC mode**: Configures the Policy Editor to delegate authentication and sign-on services to a PingFederate OIDC provider. In OIDC mode, you must provide the following additional information: * The host name and port of an OIDC provider * Information related to the server's connection security, including the location of a keystore that contains the server certificate, the nickname of that server certificate, and the location of a trust store | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | | | To use Policy Editor with other OIDC providers, such as PingOne, see [Installing the Policy Editor non-interactively](paz_install_pe_noninteractive.html). | 2. Run the `setup` command. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you don't want to use the default database credential *(tooltip: \
\

Information used to identify a subject for access purposes (for example, username and password). A credential can also be a certificate.\

\
)*, refer to [Setting database credentials at initial setup](../pingauthorize_server_administration_guide/paz_set_db_creds_startup.html). | 3. Copy and record any generated values needed to configure external servers. The Shared Secret is used in PingAuthorize, under **External Servers > Policy External Server > Shared Secret**. 4. To start the Policy Editor, or policy administration point (PAP), run `bin/start-server`. The Policy Editor runs in the background, so you can close the terminal window in which it was started without interrupting it. ## Example Refer to [Example: Installing and configuring the Policy Editor interactively](#install_pe_interactive) for a more detailed walkthrough of the previous steps. ## Next steps 1. Complete the steps in [Post-setup steps (manual installation)](paz_post_setup_manual.html). 2. Consider additional configuration options in [Specifying custom configuration with an options file](../pingauthorize_server_administration_guide/paz_specify_custom_config_opts_file.html). ## Example: Installing and configuring the Policy Editor interactively This tutorial describes how to install an instance of the PingAuthorize Policy Editor interactively. ### About this task | | | | - | ---------------------------------------------------------------------------------------------------- | | | These installation instructions are for tutorial purposes. They will only provide a limited install. | ### Steps 1. Extract the contents of the compressed PingAuthorize-PAP distribution file. 2. Change the directory to `PingAuthorize-PAP`. 3. To configure the application, run the `./bin/setup` script. 4. Answer the on-screen questions. For the following questions, use the recommended answers provided. | Question | Answer | | ------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | How would you like to configure the Policy Editor? | Use `Quickstart` to set up a demo server with credentials `admin`/`password123` and to use a self-signed certificate for SSL | | On which port should the Policy Editor listen for HTTPS communications? | You can use any unused port here, but most of the examples in this guide assume that port 9443 is used for the PingAuthorize Policy Editor. | | Enter the fully qualified host name or IP address that users' browsers will use to connect to this GUI | Unless you are testing on `localhost`, ensure that the provided API URL uses the public DNS name of the PingAuthorize Policy Editor server. For example, `pap.example.com`. | 5. Copy and record any generated values needed to configure external servers. The Shared Secret is used in PingAuthorize, under **External Servers → Policy External Server → Shared Secret**. 6. To start the Policy Editor, or policy administration point (PAP), run `bin/start-server`. The Policy Editor runs in the background, so you can close the terminal window in which it was started without interrupting it. ### Result Your demo configuration should resemble the following example. ``` [/opt/{pingauthorize}-PAP]$ bin/setup Please enter the location of a valid {pingauthorize} with Symphonic license file [/opt/{pingauthorize}-PAP/{pingauthorize}.lic]: /opt/{pingauthorize}/{pingauthorize}.lic {pingauthorize} Policy Editor ============================================ How would you like to configure the Policy Editor? 1) Quickstart (DEMO PURPOSES ONLY): This option configures the server with a form based authentication and generates a self-signed server certificate 2) OpenID Connect: This option configures the server to use an OpenID Connect provider such as {pingfed} 3) Cancel the setup Enter option [1]: 1 On which port should the Policy Editor listen for application HTTPS communications? [9443]: 9443 Enter the fully qualified host name or IP address that users' browsers will use to connect to this GUI [centos.localdomain]: pap.examplecom On which port should the Policy Editor listen for administrative HTTPS communications? [9444]: 9444 Would you like to enable periodic policy database backups? (yes / no) [yes]: yes Enter the backup schedule as a cron expression (defaults to daily at midnight): [0 0 0 * * ?]: 0 0 0 * * ? Setup Summary ========================================== Host Name: pap.example.com Server Port: 9443 Secure Access: Self-signed certificate Admin Port: 9444 Periodic Backups: Enabled Backup Schedule: 0 0 0 * * ? Command-line arguments that would set up this server non-interactively: setup demo --hostname pap.example.com --adminPort 9444 --port 9443 --certNickname server-cert \ --licenseKeyFile /opt/{pingauthorize}/{pingauthorize}.lic \ --backupSchedule '0 0 0 * * ?' --pkcs12KeyStorePath config/keystore.p12 \ --generateSelfSignedCertificate What would you like to do? 1) Set up the server with the parameters above 2) Provide the setup parameters again 3) Cancel the setup Enter option [1]: Setup completed successfully Please configure the following values ==================================================================================== {pingauthorize} Server - Policy External Server Base URL: https://pap.example.com:9443 Shared Secret: 7ed6f52d6e71411ca9e58f9567c7de2e Trust Manager Provider: Blind Trust Please start the server by running bin/start-server ``` In this example, the PingAuthorize Policy Editor is now running and listening on port 9443. ### Next steps To sign on to the interface, go to `https://:9443`. The default credentials are `admin` and `password123`. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Use the default user name and password sign on credentials for demo and testing purposes only, such as this initial walk-through. To configure the PingAuthorize Policy Editor for PingFederate OpenID Connect (OIDC) single sign-on (SSO), see [Installing the Policy Editor non-interactively](paz_install_pe_noninteractive.html). |