<div dir="ltr"><div>Currently brute force protection is not enabled for service accounts, but there&#39;s an outstanding issue to enable this:</div><a href="https://issues.jboss.org/browse/KEYCLOAK-2003">https://issues.jboss.org/browse/KEYCLOAK-2003</a><br></div><div class="gmail_extra"><br><div class="gmail_quote">On 8 December 2015 at 16:36, Paul Blair <span dir="ltr">&lt;<a href="mailto:pblair@clearme.com" target="_blank">pblair@clearme.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">



<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">
<div>Currently, all of our clients will be logging in with service accounts using signed JWT as described here: <a href="http://blog.keycloak.org/2015/10/authentication-of-clients-with-signed.html" target="_blank">http://blog.keycloak.org/2015/10/authentication-of-clients-with-signed.html</a> .</div>
<div><br>
</div>
<div>Does brute-force detection accomplish anything under this scenario?</div>
</div>

<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>