Hi Chee,I'm a big user of OpenAM. What are you thinking for a test tool for OpenAM? It's quite easy to have something to authenticate a user using the REST API, however involved an agent will be very difficult imho. If you have some ideas maybe we can try to develop such a tool!
This test tool behaves exactly like a Policy Agent... And then, you can start to simulate how a normal end-user use a typical protected application by accessing a particular URL. Appropriate responses will be feedback. This is a very good tool for a QA team before approving a protected application to go LIVE.