Launching Ivanti Secure Access Client for iOS App with a Command

The Ivanti Secure Access Client launcher for iOS is a command that is registered with iOS when the mobile device user installs Ivanti Secure Access Client for iOS app. The Ivanti Secure Access Client launcher starts (or stops) Ivanti Secure Access Client and can establish a VPN connection using connection parameters specified in the command. The command can specify all login parameters. If the app generates or accesses an appropriate passcode, Ivanti Secure Access Client starts and establishes a VPN connection with no input from the user. You can use the Ivanti Secure Access Client launcher command in Web pages and external apps.

When a user taps a button that is tied to a Ivanti Secure Access Client launcher command, the command launches the Ivanti Secure Access Client app if it is not already running. If Ivanti Secure Access Client is not already installed on the iOS device, an error occurs. The next step depends on the current Ivanti Secure Access Client connection status and configuration. One of the following occurs:

•If Ivanti Secure Access Client does not already have an active connection to Connect Secure, it uses an existing configuration to establish the VPN connection.

•If Ivanti Secure Access Client does not already have an active connection, and it does not already have a configuration for the target Ivanti server, Ivanti Secure Access Client opens the Add Configuration screen. The target URL is already defined and the user just needs to specify a name for the connection.

•If the Ivanti Secure Access Client app is already connected to a Ivanti server, the Ivanti Secure Access Client app is brought to the foreground.

To employ the Ivanti Secure Access Client launcher in your Web pages or external applications, specify the link using the following format:
pulsesecure://<server-host>/<server-path> ?method={vpn} &action={start|stop} &DSID=<dsid-cookie> &SMSESSION=<smsession-cookie> &username=<username> &password=<password> &realm=<realm> &role=<role>

Usage notes:

•If the DSID cookie is given in the URL, the app does not use the "username", "password", "realm", or "role" parameters because no login is required.

•The values for username, realm, and role are URI-escaped values. Special characters are replaced with their hexidecimal equivalents preceded by '%'.

•If the user has specified the username, realm, and role when creating the VPN configurations in the Ivanti Secure Access Client app, those values are used to auto-fill the username, realm, and role for the login pages during a Web-based login. During login, if all fields are successfully auto-filled from fields in the VPN configuration or the pulsesecure:// launch URL, the login progresses without any user input. The username, realm, and role values need to already exist in the VPN configuration for them to be auto-filled during the login process. If the user manually specifies the username, realm, or role during login, the app will not add or update these values in the VPN configuration. The user needs to explicitly update the VPN configuration with these values.

•The Ivanti Secure Access Client app does not save the password in the Password field in VPN configurations. The Ivanti Secure Access Client app does not use values from Password fields in VPN configurations installed by the iPhone Configuration Utility. Ivanti Secure Access Client will only use passwords specified in pulsesecure:// URLs.

•If the user manually specifies the username, realm, or role during login, the app stores these values in the VPN configuration and they will be auto-filled the next time the user signs in. Passwords entered by the user are not saved in the VPN configuration.

•Realm and role fields in the VPN configuration format are supported in Apple iOS 4.2 and later. If the Ivanti Secure Access Client app is run on an iOS device running iOS 4.1, the realm and role fields will not be visible in Ivanti Secure Access Client Add/Edit configuration view.

Examples:

If the calling application has already obtained a DSID cookie from (Undefined variable: pmc_ios_adminguide.PCS_long), the app can use the following command to start the VPN:
pulsesecure://<server-host>/<server-path> ?method=vpn &action=start &DSID=<dsid-cookie> &SMSESSION=<smsession-cookie>

If the calling application does not already have a DSID, it can use the following command to start the VPN:
pulsesecure://<server-host>/<server-path> ?method=vpn&action=start &username=<username> &password=<password> &realm=<realm> &role=<role>

If the calling application wants to stop the VPN, it can use the following command:
pulsesecure://<server-host>/<server-path> ?method=vpn &action=stop