I need to develop an application that triggers a SCP Workflow api, implementing principal propagation. The application that calls the api is an ABAP report in my on-premise system and user that start the process need to be propagated to cloud.
SCP Application Identity Provider trusts in a custom SAP IAS, so i can't call workflow api using basic authentication, only using SAML 2.0 mode.
My backend system, S/4HANA, trusts in the same SAP IAS. I can authenticate in SAP IAS and launch Fiori Launchpad (on-premise) and launch SCP application using the same username, due SSO.
How can i call the workflow api using SAML authentication mode in an ABAP report and Is it possible to implement principal propagation?
Note: report will run in background.
I know that i can do this using OAuth, but using this authentication mode, i can't implement principal propagation.
Cloud Connector does not work in this case because is on-premise pushing data to cloud.