Thanks, Aliaksandr. It decrypts to the scim-rs.jks storepass.
I'm not the only one who was confused by that. I see other folks on this forum were similarly confused too.
Any ideas why POST to /requester/perm with an access token from authenticating as SCIM RP Client, plus a ticket and RPT will result in a not_authorized_permission? It seems to imply that the SCIM RP Client is not authorized to access the SCIM API. Yet, under Manage Custom Scripts / UMA Authorization Policies / uma_authorization_policy, the SCIM RP Client is the first of the two comma-separated inums in the allowed_clients property. Odd.