This what we found so far. We want to use scenario 2.
Scenario 1If we run the website using Anonymous Authentication, use the Application Pool Identity as the Anonymous Authentication Credentials, and give the Application Pool Identity Read & Write permissions to the includes folder, this page works. Therefore http://{yourwebserver}/login.php?config or http://{yourwebserver}/webea/login.php?config is using the Application Pool Identity to access the includes folder.
However, the login screen does not prompt the user to login (as expected) and always fails with an unspecified error irrespective of whether the model has security enabled or not.
Scenario 2If we run the website using Windows Authentication and give an AD group Read & Write permissions to the includes folder, this page works, this page works for any user belonging to that group. Therefore http://{yourwebserver}/login.php?config or http://{yourwebserver}/webea/login.php?config is automatically using the windows login of the user accessing this page.
However, the login screen does not prompt the user to login and throws the following error, SSL certificate problem: unable to get local issuer certificate, irrespective of whether the model has security enabled or not. Adding sscs_use_ssl = "true" as suggested by
https://sparxsystems.com/enterprise_architect_user_guide/15.2/model_repository/webea_troubleshoot.html, does not make a difference.
Any help is as usual very welcome. We have also submitted a support case.
