@Override public RequestSecurityTokenResponseCollectionType challenge( String tenantName, RequestSecurityTokenResponseType requestSecurityTokenResponse, SecurityHeaderType headerInfo) { assert tenantName != null; assert requestSecurityTokenResponse != null; assert headerInfo != null; STS sts = stsFactory.getSTS(tenantName); try { return sts.challenge(requestSecurityTokenResponse, headerInfo); } catch (InvalidSignatureException e) { throw new InvalidCredentialsException(e.getMessage(), e); } }