Grafana v5.2.4 role attribute path correct format

I’m using Keycloak and trying to get a user authenticated in Keycloak to get the correct permissions in Grafana. He should be set as Admin, but he is set as a Viewer.

Here is my role_attribute_path statement in my ini file:
role_attribute_path = contains(roles[], 'admin') && 'Admin' || contains(roles[], 'editor') && 'Editor' || 'Viewer'

Here is the info from the logs:
"realm_access": {
  "roles": [
    "Site_Admin"
  ]
},
"resource_access": {
  "grafana.XX.com": {
    "roles": [
      "admin"
    ]
  }
},
"scope": "openid profile email user open-id",
"email_verified": false,
"roles": [
  "admin"
],

What am I missing?

You are missing the documentation: Configure generic OAuth2 authentication | Grafana documentation

Only available in Grafana v6.5+.

Your Grafana is only 5.2.4 → you are trying to use a feature which is available only in a future version.

BTW: your IDP (it looks like Keycloak) will also need some better configuration - I’m missing the point of the custom open-id scope and so many role claims (especially when you want to use only the top-level roles claim). Of course, that’s an optional part, and it should also work with this IDP config.
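The point of the answer above, as an added example that is not part of the original posts and is not Grafana's code: a stdlib-only Python check that decodes a token payload, applies a hand-written equivalent of the `role_attribute_path` expression from the question, and gates the result on the v6.5 minimum. The function names, the sample token (constructed from the log excerpt) and the `Viewer` default on older versions (taken from what the question reports) are assumptions.

```python
import base64
import json

MIN_VERSION = (6, 5)  # from the docs line quoted in the answer: v6.5+

def supports_role_attribute_path(version: str) -> bool:
    """True if this Grafana version has the role_attribute_path feature."""
    major, minor = (int(p) for p in version.lstrip("v").split(".")[:2])
    return (major, minor) >= MIN_VERSION

def decode_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (no signature verification)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def mapped_role(claims: dict) -> str:
    """Hand-written equivalent of the expression in the question. Only the
    top-level "roles" claim is read; matching is exact and case-sensitive."""
    roles = claims.get("roles")
    if not isinstance(roles, list):
        roles = []  # assumption in this sketch: missing claim means no match
    if "admin" in roles:
        return "Admin"
    if "editor" in roles:
        return "Editor"
    return "Viewer"

def effective_role(version: str, claims: dict, default: str = "Viewer") -> str:
    """Below v6.5 the mapping is unavailable, so the user keeps the default
    role (Viewer is what the question reports on 5.2.4)."""
    if not supports_role_attribute_path(version):
        return default
    return mapped_role(claims)

# Constructed sample: claims copied from the log excerpt, dummy header/signature.
SAMPLE_CLAIMS = {
    "realm_access": {"roles": ["Site_Admin"]},
    "resource_access": {"grafana.XX.com": {"roles": ["admin"]}},
    "roles": ["admin"],
}
_seg = base64.urlsafe_b64encode(json.dumps(SAMPLE_CLAIMS).encode()).decode().rstrip("=")
SAMPLE_TOKEN = f"e30.{_seg}.constructed-signature"

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    for v in ("5.2.4", "6.5.0"):
        print(v, "->", effective_role(v, claims))
```

Roles that appear only under `realm_access` or `resource_access`, or that differ in case (`Admin` vs `admin`), fall through to `Viewer` with this expression, so the fallback is the least-privileged role.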
