Currently, all of our clients will be logging in with service accounts using signed JWT as described here: http://blog.keycloak.org/2015/10/authentication-of-clients-with-signed.html .

Does brute-force detection accomplish anything under this scenario?