Dear colleagues,
I'm currently working on Principal Propagation scenario between BTP CF and ABAP backend. The issue I have faced is related to JW token, which is generated by BTP and utilized by Cloud Connector to issue a X.509 certificate.
As of SCC version 2.13.2 it is possible to directly access to user attributes injected in the JWT:
SAP Cloud Connector Principal Propagation with xs.user.attributes | SAP Community
Configure Subject Patterns for Principal Propagation | SAP Help Portal
So I configured subject patterns for principal propagation on the Cloud Connector level in the following way:

{type} is a user type attribute which is maintained in IAS (Employee, Public, etc.) and transferred with SAML from IAS to BTP during authentication:

But when BTP generates JW Token for Cloud Connector, this attribute is not included by default except the default ones: "given_name", "family_name", "email", etc:

and there's such log in ljs_trace.log of Cloud Connector like "Condition ... does not fir to principal ... "
as {type} attribute is not included in JWT.
I've got familiar with blogs like SAP BTP Security: How to handle Authorization and Attributes [1] with XSUAA | SAP Blogs or pages like Application Security Descriptor Configuration Syntax | SAP Help Portal, but they are mostly related to custom applications.
But how can it be managed using standard functionality of BTP for Business Application Studio, for instance, to configure Principal Propagation for BAS?
Many thanks in advance! Regards.