Enhancing Security Testing for Identity Management Implementations: Introducing Micro-Id-Gym Language and Micro-Id-Gym Testing Tool
Description
This work presents MIG-L, a declarative language for specifying security and conformance tests, and MIG-T, an automated testing tool for Identity Management (IdM) implementations based on SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC). MIG-L enables the systematic description of protocol behaviors and security requirements, while MIG-T executes automated assessments to verify compliance with Best Current Practices, detect known vulnerabilities, and provide actionable mitigation strategies. The combined framework supports comprehensive testing of authentication and authorization flows in federated identity ecosystems. Experimental evaluations demonstrate the flexibility, scalability, and effectiveness of the approach for improving the security posture of real-world IdM deployments.
Files
2024-2.pdf (425.6 kB)