private STSInstanceState getSTSInstanceState(
     TokenGenerationServiceInvocationState invocationState) throws ResourceException {
   STSInstanceState stsInstanceState;
   try {
     if (AMSTSConstants.STSType.REST.equals(invocationState.getStsType())) {
       stsInstanceState =
           restSTSInstanceStateProvider.getSTSInstanceState(
               invocationState.getStsInstanceId(), invocationState.getRealm());
     } else if (AMSTSConstants.STSType.SOAP.equals(invocationState.getStsType())) {
       stsInstanceState =
           soapSTSInstanceStateProvider.getSTSInstanceState(
               invocationState.getStsInstanceId(), invocationState.getRealm());
     } else {
       String message =
           "Illegal STSType specified in TokenGenerationService invocation: "
               + invocationState.getStsType();
       logger.error(message);
       throw new BadRequestException(message);
     }
   } catch (TokenCreationException | STSPublishException e) {
     logger.error(
         "Exception caught obtaining the sts instance state necessary to generate a saml2 assertion: "
             + e,
         e);
     throw e;
   } catch (Exception e) {
     logger.error(
         "Exception caught obtaining the sts instance state necessary to generate a saml2 assertion: "
             + e,
         e);
     throw new InternalServerErrorException(e);
   }
   return stsInstanceState;
 }
 private SSOToken validateAssertionSubjectSession(
     TokenGenerationServiceInvocationState invocationState) throws ForbiddenException {
   SSOToken subjectToken;
   SSOTokenManager tokenManager;
   try {
     tokenManager = SSOTokenManager.getInstance();
     subjectToken = tokenManager.createSSOToken(invocationState.getSsoTokenString());
   } catch (SSOException e) {
     logger.debug(
         "Exception caught creating the SSO token from the token string, almost certainly "
             + "because token string does not correspond to a valid session: "
             + e);
     throw new ForbiddenException(e.toString(), e);
   }
   if (!tokenManager.isValidToken(subjectToken)) {
     throw new ForbiddenException("SSO token string does not correspond to a valid SSOToken");
   }
   try {
     AMIdentity subjectIdentity = IdUtils.getIdentity(subjectToken);
     String invocationRealm = invocationState.getRealm();
     String subjectSessionRealm = DNMapper.orgNameToRealmName(subjectIdentity.getRealm());
     logger.debug(
         "TokenGenerationService:validateAssertionSubjectSession subjectRealm "
             + subjectSessionRealm
             + " invocation realm: "
             + invocationRealm);
     if (!invocationRealm.equalsIgnoreCase(subjectSessionRealm)) {
       logger.error(
           "TokenGenerationService:validateAssertionSubjectSession realms do not match: Subject realm : "
               + subjectSessionRealm
               + " invocation realm: "
               + invocationRealm);
       throw new ForbiddenException("SSO token subject realm does not match invocation realm");
     }
   } catch (SSOException | IdRepoException e) {
     logger.error(
         "TokenGenerationService:validateAssertionSubjectSession error while validating identity : "
             + e);
     throw new ForbiddenException(e.toString(), e);
   }
   return subjectToken;
 }