Automatic Security Testing Tool for Identity Management Protocols CLEANSE DAISY ST
ID: p-2026-st-1
Published on: Wednesday, 21 January 2026
Deadline for Applications: Friday, 20 February 2026 at 23:59
Description:
Identity Management (IdM) protocols are the protocols underpinning Single Sign-On (SSO), an authentication scheme that lets a user access different services with the same set of credentials. Two of the best-known IdM protocols are SAML 2.0 SSO and OAuth 2.0/OpenID Connect. Many deployments, both corporate (e.g. Google, Facebook) and in Public Administration (e.g. eIDAS and SPID), are based on IdM protocols. We propose to investigate and develop methodologies and tools for assessing the security and robustness of IdM implementations. This activity may include the definition of reusable testing patterns, the design and implementation of extensions or plugins for existing security testing tools (such as Micro-Id-Gym (MIG)), and the execution of automated security and conformance tests on IdM implementations.
Type: Internship + Thesis
Levels: BSc, MSc
Supervisors: Andrea Bisegna (a.bisegna@fbk.eu), Laura Cristiano (l.cristiano@fbk.eu)
Prerequisites: Basic knowledge of Python
Objectives:
- Assess the security and robustness of IdM implementations, with a focus on SSO protocols such as SAML 2.0 and OAuth 2.0/OpenID Connect;
- Develop methodologies and automated tools for security and conformance testing of IdM implementations, including extensions of MIG;
- Identify vulnerabilities, misconfigurations, and non-conformities in real IdM implementations, providing actionable hints for improving their security.
Topics: Security testing, Identity management protocols, Security testing tools, Conformance testing