I would like to understand how the authentication towards https://localhost/scim works, as of now I have not succeed in making it working yet.

I am using infomap to connect to the SCIM with easuser credentials, from reverse proxy and when I am "faking" a reverse proxy request from infomap (by using the external hostname of the runtime and include iv-user, iv-groups, iv-creds, host, etc. in request headers) I have no issues (except that I cannot manage other users), but as soon as I try use localhost I fail.

If I follow the cookbok guide and set the rt_profie_keys as a truststore I get the certificate validation error since the server certificate is not in the "trust" section, if I use a truststore that have the server certificate in the trust I get 403 Authentication failed.

The easuser is a member of scimAdmin in AAC Runtime, the SCIM Administration Group is set to scimAdmin and as I mentioned I have no problems in using that user from reverse proxy and from infomap "faking" a reverse proxy request.

In my SCIM configuration only one thing differ from cookbook instructions -  the "User Profile" and "Verify Access User" are configured with external LDAP instead of Verify Access Runtime, can this be the issue or have I missed something else?

Honestly, probably best to open a support ticket to have the team take you through a checklist to isolate the problem.