Unable to Log in to Grafana with Admin Role via Keycloak

  • What Grafana version and what operating system are you using?
    I am using Grafana 11.5 on a Linux system.

  • What are you trying to achieve?
    I need to log in to Grafana with the Admin role via Keycloak.

  • How are you trying to achieve it?
    I have configured the grafana.ini file from the documentation and other available sources. I have also added the proper roles to the Keycloak user, and the same roles are present in the request payload.

  • What happened?
    After signing up/logging in via Keycloak, the user is assigned the “Viewer” role. Even after setting the role_attribute_path field to the hardcoded “Admin” value, the user is still assigned the “Viewer” role.

  • What did you expect to happen?
    I want the user to sign up/log in with the Admin role.

  • Can you copy/paste the configuration(s) that you are having problems with?
    Below is the grafana.ini file:

[auth.generic_oauth]
enabled = true
name = keycloak
allow_sign_up = true
auto_login = false
use_pkce = true
use_refresh_token = true
tls_skip_verify_insecure = true
client_id =
client_secret = <valid_client_secret>
auth_url = https://<keycloak_domain>/auth/realms/emrealm/protocol/openid-connect/auth
token_url = https://<keycloak_domain>/auth/realms/emrealm/protocol/openid-connect/token
api_url = https://<keycloak_domain>/auth/realms/emrealm/protocol/openid-connect/userinfo
redirect_uri = http://<grafana_domain>/login/generic_oauth
role_attribute_path = contains(realm_access.roles[], 'Admin') && 'Admin' || contains(realm_access.roles[], 'EM_admin') && 'Editor' || 'Viewer'
auto_assign_org_role = false
skip_org_role_sync = true
allow_assign_grafana_admin = true
email_attribute_path = email
login_attribute_path = username
name_attribute_path = name
role_attribute_strict = false
org_attribute_path = roles
org_mapping = 'Admin'
role_mapping = {"Admin": "Admin", "Editor": "Editor", "default": "Editor"}
scopes = openid email profile roles
signout_redirect_url = https://<keycloak_domain>/auth/realms/emrealm/protocol/openid-connect/logout?post_logout_redirect_uri=http://<grafana_domain>/login

Below is the request payload:

{
  "realm_access": {
    "roles": [
      "default-roles-emrealm",
      "offline_access",
      "admin",
      "uma_authorization",
      "EM_admin",
      "Admin"
    ]
  },
  "roles": [
    "default-roles-emrealm",
    "offline_access",
    "admin",
    "uma_authorization",
    "EM_admin",
    "Admin"
  ]
}

Thanks team, it worked for me.
After setting skip_org_role_sync = false I am able to log in with both Admin and Grafana Admin.
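To see why the posted configuration landed on Viewer and why flipping skip_org_role_sync fixed it, here is an added example (not Grafana's code and not from this thread) that models the role resolution order as documented for generic OAuth: when skip_org_role_sync is true the token claims are never consulted and the default org role applies; otherwise role_attribute_path is evaluated, an unrecognised result falls back to the default unless role_attribute_strict is set, and GrafanaAdmin only confers server-admin rights when allow_assign_grafana_admin is true. The evaluator below understands only the contains(...) && 'X' || ... || 'Y' shape used in the post rather than full JMESPath, and the claims are constructed to mirror the posted payload; the names VALID_ROLES, lookup, eval_role_attribute_path and resolve_org_role are this example's own.

```python
"""Model of Grafana generic-OAuth org role resolution (added example, not Grafana code)."""
import re

# Org roles Grafana accepts from role_attribute_path (assumed set, per the docs).
VALID_ROLES = {"None", "Viewer", "Editor", "Admin", "GrafanaAdmin"}

# Constructed token claims mirroring the payload in the post.
CLAIMS = {
    "realm_access": {"roles": ["default-roles-emrealm", "offline_access", "admin",
                               "uma_authorization", "EM_admin", "Admin"]},
    "roles": ["default-roles-emrealm", "offline_access", "admin",
              "uma_authorization", "EM_admin", "Admin"],
}

# The expression from the posted grafana.ini, with ASCII quotes.
POSTED_EXPR = ("contains(realm_access.roles[], 'Admin') && 'Admin' || "
               "contains(realm_access.roles[], 'EM_admin') && 'Editor' || 'Viewer'")

_CLAUSE = re.compile(r"^contains\(\s*([\w.\[\]]+)\s*,\s*'([^']*)'\s*\)\s*&&\s*'([^']*)'$")
_LITERAL = re.compile(r"^'([^']*)'$")


def lookup(claims, path):
    """Walk a dotted path through the claims; a trailing [] is treated as 'the list'."""
    node = claims
    for part in path.split("."):
        part = part.rstrip("[]")
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def eval_role_attribute_path(expr, claims):
    """Evaluate the limited `contains(path, 'X') && 'Y' || ... || 'Z'` form left to right."""
    for clause in (c.strip() for c in expr.split("||")):
        m = _CLAUSE.match(clause)
        if m:
            path, needle, result = m.groups()
            values = lookup(claims, path) or []
            if needle in values:  # contains() is case-sensitive: 'admin' != 'Admin'
                return result
            continue
        m = _LITERAL.match(clause)
        if m:
            return m.group(1)
        raise ValueError(f"unsupported clause: {clause!r}")
    return None


def resolve_org_role(cfg, claims):
    """Return (org_role, is_grafana_admin); raise PermissionError on a strict-mode miss."""
    default_role = cfg.get("auto_assign_org_role") or "Viewer"  # 'false' is not a role name
    if cfg.get("skip_org_role_sync", False):
        # Sync disabled: claims and role_attribute_path are ignored entirely.
        return default_role, False
    role = eval_role_attribute_path(cfg["role_attribute_path"], claims)
    if role not in VALID_ROLES:
        if cfg.get("role_attribute_strict", False):
            raise PermissionError("no valid role found and role_attribute_strict = true")
        return default_role, False
    if role == "GrafanaAdmin":
        # Assumption per the docs: org Admin either way, server admin only when allowed.
        return "Admin", bool(cfg.get("allow_assign_grafana_admin", False))
    return role, False


if __name__ == "__main__":
    posted = {"skip_org_role_sync": True, "role_attribute_path": POSTED_EXPR}
    fixed = dict(posted, skip_org_role_sync=False)
    print("posted config ->", resolve_org_role(posted, CLAIMS))  # ('Viewer', False)
    print("fixed config  ->", resolve_org_role(fixed, CLAIMS))   # ('Admin', False)
```

Running it with the posted settings yields Viewer regardless of the claims, which is exactly the symptom described; with skip_org_role_sync = false the same expression yields Admin. The lowercase "admin" realm role in the payload never matches on its own, so a token carrying only that role would resolve to Viewer as well.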