Ivanti Secure Access Client Command-line Launcher
The Ivanti Secure Access Client Launcher (pulselauncher.exe) is a standalone client-side command-line program that allows you to launch Ivanti Secure Access Client and connect to or disconnect from a Ivanti server (Ivanti Connect Secure or Ivanti Policy Secure) without displaying the Ivanti Secure Access Client graphical user interface.
Ivanti Secure Access Client Launcher Usage Notes:
•Ivanti Secure Access Client Launcher runs on Windows 32-bit and 64-bit endpoints.
•The Ivanti Secure Access Client Launcher program, pulselauncher.exe, is installed as part of a Ivanti Secure Access Client installation in Program Files\Common Files\Ivanti\Integration or Program Files (x86)\Common Files\Pulse Secure\Integration.
•Ivanti Secure Access Client Launcher works only for the Connect Secure or Policy Secure (L3) connection type. Ivanti Secure Access Client Launcher does not support Policy Secure (802.1X) connection types.
•The Ivanti Secure Access Client Launcher program does not support the role mapping option that prompts a user to select from a list of assigned roles. If you use the Ivanti Secure Access Client Launcher and more than one role can be assigned to a user, you must configure the role mapping settings for the realm to merge settings for all assigned roles. If the realm settings require the user to select a role, the Ivanti Secure Access Client Launcher command fails and exits with return code 2.
•Ivanti Secure Access Client Launcher does not support secondary authentication.
To use Ivanti Secure Access Client Launcher:
1.Write a script, batch file, or application.
2.Include a call to the Ivanti Secure Access Client Launcher executable, pulselauncher.exe.
3.Include logic in your script, batch file, or application to handle the possible return codes.
Table lists the Ivanti Secure Access Client Launcher arguments.
The following command shows the complete pulselauncher.exe command syntax:
pulselauncher [-version|-help|-stop|-loglevel] [-sessionselection <connect|cancel>] [-url <url> -u <username> -p <password> -r <realm>] [-d <DSID> -url <url>] [-cert <client certificate> -url <url> -r <realm>] [-signout|-suspend|-resume -url <url>] [-t timeout)]]
|
Argument |
Action |
|
-version |
Display the Ivanti Secure Access Client Launcher version information, then exit. |
|
--sessionselection |
Allows to terminate the first session when a new session is attempted on reaching maximum number of concurrent sessions This option restricts the user interference and allows the scripts to run automatically. |
|
-help |
Display available arguments information. |
|
-stop |
Stop Ivanti Secure Access Client and disconnect all active connections. |
|
-L loglevel |
Specify the log level to show in logs. 3: Normal - Log Critical, Error, Warning and Info messages (default) 5: Detailed - Log All messages |
|
-url <url> |
Specify the Ivanti server URL. |
|
-u <user> |
Specify the username. |
|
|
|
|
-p <password> |
Specify the password for authentication. |
|
-r <realm> |
Specify the realm on the Ivanti server. |
|
-d <DSID> |
Passes a cookie to Ivanti Secure Access Client Launcher for a specified Ivanti server from another authentication mechanism when Ivanti Secure Access Client Launcher starts. When you use the -d argument, you must also specify the -url argument to specify the Ivanti server. |
|
-cert <client certificate> |
Specify the certificate to use for user authentication. For <client certificate> use the string specified in the Issued To field of the certificate. When using the -cert argument, you must also specify the -url and -r <realm> arguments. To use certificate authentication with the Ivanti Secure Access Client Launcher program, you must first configure the Ivanti server to allow the user to sign in via user certificate authentication. You must also configure a trusted client CA on the Ivanti server and install the corresponding client-side certificate in the Web browsers of end-users before running the Ivanti Secure Access Client Launcher. If the certificate is invalid, the Ivanti Secure Access Client Launcher displays an error message on the command line and logs a message in the log file. If Ivanti Secure Access Client is launched through a browser, the browser handles certificate verification. If Ivanti Secure Access Client is launched through an application on Windows, the application handles certificate verification. If Ivanti Secure Access Client is launched through the Ivanti Secure Access Client Launcher on Windows, Ivanti Secure Access Client Launcher handles the expired or revoked client certificates. |
|
-signout <url> |
Signout disconnects and signs out from a specific server. Suspend puts an active connection in the suspend state without removing the session information from the server. Resume restores a suspended connection. Ivanti Secure Access Client can have multiple simultaneous connections so the -url argument is required when you use -signout, -suspend, or -resume. |
|
-suspend <url> |
|
|
-resume <url> |
|
|
-t <timeout in seconds> |
The amount of time allowed for the connection to take place before the attempt fails. Min = 45 (default), Max = 600. |
|
Code |
Description |
|
-1 |
Ivanti Secure Access Client is not running. |
|
0 |
Success. |
|
1 |
A parameter is invalid. |
|
2 |
Connection has failed or Ivanti Secure Access Client is unable to connect to the specified gateway. |
|
3 |
Connection established with error. |
|
4 |
Connection does not exist. Example: the command attempts to sign out from a server that has not been added on the Ivanti Secure Access Client UI. |
|
5 |
User cancelled connection. |
|
6 |
Client certificate error. |
|
7 |
Timeout error. |
|
8 |
No user connection allowed from Ivanti Secure Access Client UI. |
|
9 |
No policy override from Ivanti Secure Access Client UI. |
|
25 |
Invalid action for current connection state. This error code would occur if you tried to suspend or resume a connection that was disconnected. |
|
100 |
General error. |
The return codes specified in Table10 refer to the executable's return codes. On Windows, you can display the last error level with "echo %errorlevel%" (without quotes). On OSX, the command is "echo $?" (without quotes).
Examples
The following command is a simple login application that captures the credentials the user enters, and passes the credentials as arguments to pulselauncher.exe:
pulselauncher.exe -u JDoe -p my$Pass84 -url https://int-company.portal.com/usr -r Users
pulselauncher return code: 0
The following Ivanti Secure Access Client Launcher example shows a certificate authentication:
pulselauncher.exe -url https://int-company.portal.com/usr -cert MyCert -url https://int-company.portal.com/usr -r Users
pulselauncher return code: 0
The following example shows a command to use Ivanti Secure Access Client Launcher to specify a cookie (-d) for a specific Ivanti server (-url):
pulselauncher.exe -d 12adf234nasu234 -url https://int-company.portal.com/usr
pulselauncher return code: 0