I don't know if this helps you, or I entirely understand your requirements, but if you sign up for a Salesforce developer account you can run OpenIDConnect from there. Under the developer home page they have "Security Controls", "Auth Providers" and you can create an OpenIDConnect provider from there and connect to your OTK, using the built in 'userinfo' service to demo it. Basically it'll give you a url you can plug into your browser and ultimately return information from your identity provider via the OTK. Takes some configuration, and of course you need a working OTK, but you should be able to do it without programming.
Unfortunately, aside from the basic idea I'm not sure I can help you. We don't use MAG, we're running 9.1 of the gateway and I think 3.3 of the OTK, and we have a somewhat customized implementation of OTK. So we do things a little differently here, but the Salesforce auth provider should work with the standard toolkit. In general you have to register the Salesforce client in OAuth Manager, then plug that key and secret into the Salesforce client setup along with /authorize, /token and /userinfo OTK url's to test it.