Currently brute force protection is not enabled for service accounts, but there's an outstanding issue to enable this:

https://issues.jboss.org/browse/KEYCLOAK-2003

On 8 December 2015 at 16:36, Paul Blair <pblair@clearme.com> wrote:

Currently, all of our clients will be logging in with service accounts using signed JWT as described here: http://blog.keycloak.org/2015/10/authentication-of-clients-with-signed.html .

Does brute-force detection accomplish anything under this scenario?

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user