@Override public RequestSecurityTokenResponseType validate(String tenantName, Request req) { assert tenantName != null; assert req != null; STS sts = stsFactory.getSTS(tenantName); try { return sts.validate(req); } catch (InvalidSignatureException e) { return RSTRBuilder.createValidateResponse(req, false); } }