Pulse Client Command-line Launcher

The Pulse Client Launcher (pulselauncher.exe) is a standalone client-side command-line program that allows you to launch Pulse Client and connect to or disconnect from a Pulse Secure server (Pulse Connect Secure or Pulse Policy Secure) without displaying the Pulse Client graphical user interface.

Pulse Client Launcher Usage Notes:

•Pulse Client Launcher runs on Windows 32-bit and 64-bit endpoints.

•The Pulse Client Launcher program, pulselauncher.exe, is installed as part of a Pulse Client installation in Program Files\Common Files\Pulse Secure\Integration or Program Files (x86)\Common Files\Pulse Secure\Integration.

•Pulse Client Launcher works only for the Connect Secure or Policy Secure (L3) connection type. Pulse Client Launcher does not support the SRX Series or Policy Secure (802.1X) connection types.

•The Pulse Client Launcher program does not support the role mapping option that prompts a user to select from a list of assigned roles. If you use the Pulse Client Launcher and more than one role can be assigned to a user, you must configure the role mapping settings for the realm to merge settings for all assigned roles. If the realm settings require the user to select a role, the Pulse Client Launcher command fails and exits with return code 2.

•Pulse Client Launcher does not support secondary authentication.

To use Pulse Client Launcher:

1.Write a script, batch file, or application.

2.Include a call to the Pulse Client Launcher executable, pulselauncher.exe.

3.Include logic in your script, batch file, or application to handle the possible return codes.

Table lists the Pulse Client Launcher arguments.

The following command shows the complete pulselauncher.exe command syntax:

Argument	Action
-version	Display the Pulse Client Launcher version information, then exit.
-help	Display available arguments information.
-stop	Stop Pulse Client and disconnect all active connections.
-L loglevel	Specify the log level to show in logs. 3: Normal - Log Critical, Error, Warning and Info messages (default) 5: Detailed - Log All messages
-url <url>	Specify the Pulse Secure server URL.
-u <user>	Specify the username.

-p <password>	Specify the password for authentication.
-r <realm>	Specify the realm on the Pulse Secure server.
-d <DSID>	Passes a cookie to Pulse Client Launcher for a specified Pulse Secure server from another authentication mechanism when Pulse Client Launcher starts. When you use the -d argument, you must also specify the -url argument to specify the Pulse Secure server.
-cert <client certificate>	Specify the certificate to use for user authentication. For <client certificate> use the string specified in the Issued To field of the certificate. When using the -cert argument, you must also specify the -url and -r <realm> arguments. To use certificate authentication with the Pulse Client Launcher program, you must first configure the Pulse Secure server to allow the user to sign in via user certificate authentication. You must also configure a trusted client CA on the Pulse Secure server and install the corresponding client-side certificate in the Web browsers of end-users before running the Pulse Client Launcher. If the certificate is invalid, the Pulse Client Launcher displays an error message on the command line and logs a message in the log file. If Pulse Client is launched through a browser, the browser handles certificate verification. If Pulse Client is launched through an application on Windows, the application handles certificate verification. If Pulse Client is launched through the Pulse Client Launcher on Windows, Pulse Client Launcher handles the expired or revoked client certificates.
-signout <url>	Signout disconnects and signs out from a specific server. Suspend puts an active connection in the suspend state without removing the session information from the server. Resume restores a suspended connection. Pulse Client can have multiple simultaneous connections so the -url argument is required when you use -signout, -suspend, or -resume.
-suspend <url>
-resume <url>
-t <timeout in seconds>	The amount of time allowed for the connection to take place before the attempt fails. Min = 45 (default), Max = 600.

Code	Description
-1	Pulse Client is not running.
0	Success.
1	A parameter is invalid.
2	Connection has failed or Pulse Client is unable to connect to the specified gateway.
3	Connection established with error.
4	Connection does not exist. Example: the command attempts to sign out from a server that has not been added on the Pulse Client UI.
5	User cancelled connection.
6	Client certificate error.
7	Timeout error.
8	No user connection allowed from Pulse Client UI.
9	No policy override from Pulse Client UI.
25	Invalid action for current connection state. This error code would occur if you tried to suspend or resume a connection that was disconnected.
100	General error.

The return codes specified in Table10 refer to the executable's return codes. On Windows, you can display the last error level with "echo %errorlevel%" (without quotes). On OSX, the command is "echo $?" (without quotes).

Examples

The following command is a simple login application that captures the credentials the user enters, and passes the credentials as arguments to pulselauncher.exe:

pulselauncher.exe -u JDoe -p my$Pass84 -url https://int-company.portal.com/usr -r Users

pulselauncher return code: 0

The following Pulse Client Launcher example shows a certificate authentication:

pulselauncher.exe -url https://int-company.portal.com/usr -cert MyCert -url https://int-company.portal.com/usr -r Users

pulselauncher return code: 0

The following example shows a command to use Pulse Client Launcher to specify a cookie (-d) for a specific Pulse Secure server (-url):

pulselauncher.exe -d 12adf234nasu234 -url https://int-company.portal.com/usr

pulselauncher return code: 0