Managing Local User Accounts in vCenter Server GUI 8.0U3 fails with error "No principal with the specified name exists"

Article ID: 389743

Products

VMware vCenter Server

Issue/Introduction

  • When attempting to manage local user accounts (such as changing the password, adding, or deleting) that were created via the vCenter Server Appliance Shell (VCSA Shell), the operation fails on the vCenter Server 8.0 U3 GUI with the error message: "No principal with the specified name exists."

  • Additionally, the actual lock/disable status of the user account may not be reflected accurately in the vSphere Client user interface.

  • The log /var/log/vmware/sso/ssoAdminServer.log shows that the vCenter Single Sign-On (SSO) service is incorrectly attempting to process the local user within the SSO domain (default vsphere.local) context, leading to the failure:

"test-user" is a localos user, but SSO is trying to change the password in the SSO domain (default vsphere.local) instead of in the local operating system.

/var/log/vmware/sso/ssoAdminServer.log

[YYYY-MM-DDTHH:MM:SS] ERROR ssoAdminServer[95:pool-2-thread-2] [OpId=xxxxxxxx-xxx-auto-xx-xx:xxxxxxxx] [com.vmware.identity.admin.server.ims.impl.PrincipalManagementImpl] Error in updateLocalPersonUserDetails. Check if user already exists. Idm client exception.com.vmware.identity.idm.InvalidPrincipalException: user test-user@sso_domain does not exists
[YYYY-MM-DDTHH:MM:SS] INFO ssoAdminServer[95:pool-2-thread-2] [OpId=xxxxxxxx-xxx-auto-xx-xx:xxxxxxxx] [com.vmware.identity.admin.vlsi.PrincipalManagementServiceImpl] The specified principal (test-user) is invalid.
com.vmware.vim.sso.admin.exception.InvalidPrincipalException: The specified principal (test-user) is invalid.
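To confirm that a failure in this log is the localos routing problem described here, rather than a principal that genuinely does not exist anywhere, the following added check (not part of this article or of any VMware tooling) parses ssoAdminServer.log lines and compares each failing principal against the appliance's passwd file. The log lines and the passwd excerpt below are constructed samples modelled on the excerpt above.

```python
import re

# Constructed sample log lines modelled on this article's excerpt; the timestamp
# and OpId placeholders are kept as they appear there. 'typo-user' is added as a
# principal that exists neither in SSO nor as a localos account.
SAMPLE_LOG = """\
[YYYY-MM-DDTHH:MM:SS] ERROR ssoAdminServer[95:pool-2-thread-2] [OpId=xxxxxxxx-xxx-auto-xx-xx:xxxxxxxx] [com.vmware.identity.admin.server.ims.impl.PrincipalManagementImpl] Error in updateLocalPersonUserDetails. Check if user already exists. Idm client exception.com.vmware.identity.idm.InvalidPrincipalException: user test-user@vsphere.local does not exists
[YYYY-MM-DDTHH:MM:SS] INFO ssoAdminServer[95:pool-2-thread-2] [OpId=xxxxxxxx-xxx-auto-xx-xx:xxxxxxxx] [com.vmware.identity.admin.vlsi.PrincipalManagementServiceImpl] The specified principal (test-user) is invalid.
[YYYY-MM-DDTHH:MM:SS] ERROR ssoAdminServer[95:pool-2-thread-2] [OpId=xxxxxxxx-xxx-auto-xx-xx:xxxxxxxx] [com.vmware.identity.admin.server.ims.impl.PrincipalManagementImpl] Error in updateLocalPersonUserDetails. Check if user already exists. Idm client exception.com.vmware.identity.idm.InvalidPrincipalException: user typo-user@vsphere.local does not exists
"""

# Constructed /etc/passwd excerpt: 'test-user' is a localos account, 'typo-user' is not.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
test-user:x:1001:100::/home/test-user:/bin/appliancesh
"""

# Matches the ERROR line the article shows; "does not exist" also matches the
# log's "does not exists" wording.
FAILURE_RE = re.compile(
    r"Error in updateLocalPersonUserDetails.*InvalidPrincipalException: "
    r"user (?P<user>[^@\s]+)@(?P<domain>\S+) does not exist"
)


def localos_accounts(passwd_text):
    """Return the set of account names found in passwd-format text."""
    return {line.split(":", 1)[0] for line in passwd_text.splitlines() if ":" in line}


def classify_failures(log_text, passwd_text):
    """Map each principal that failed updateLocalPersonUserDetails to a verdict.

    'localos-user-routed-to-sso': the name is a local OS account, so the failure
    matches the 8.0 U3 GUI behaviour described in this article.
    'unknown-principal': the name is not a local account either, so this is a
    different problem (for example a mistyped user name).
    """
    local = localos_accounts(passwd_text)
    verdicts = {}
    for line in log_text.splitlines():
        m = FAILURE_RE.search(line)
        if not m:
            continue
        user = m.group("user")
        verdicts[user] = "localos-user-routed-to-sso" if user in local else "unknown-principal"
    return verdicts
```

On a real appliance, feed the function the contents of /var/log/vmware/sso/ssoAdminServer.log and /etc/passwd; any principal classified as localos-user-routed-to-sso should be managed from the VCSA Shell as described under Resolution.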

Environment

  • vCenter Server 8.0U3

Cause

This issue is identified as a bug specific to the vCenter Server 8.0 U3 GUI.

  • In vCenter Server 8.0 U3, operations for localos users were unintentionally enabled in the vSphere Client GUI. In the prior vCenter 8.0 U2 GUI, these operations were correctly grayed out (disabled) because the local operating system is no longer a supported identity source for management via the GUI.

  • Broadcom has officially deprecated the use of localos accounts as an identity source starting from vCenter Server 7.0 Update 3c (7U3c) and plans to discontinue support for and remove this functionality entirely in a future release of vSphere.

Resolution

  • The resolution is to avoid these unsupported operations in the vSphere Client GUI and to manage localos users through the supported method, the vCenter Server Appliance Shell (VCSA Shell) command-line interface, as described in the techdoc below.

    Managing Local User Accounts in vCenter Server

  • This functionality is expected to be disabled again in the GUI in a future patch or update to vCenter Server, restoring the intended behavior and preventing users from attempting unsupported operations.