Kong fails with: error loading module 'kong.plugins.saml.handler'

I am using v3.2.1 on ubuntu jammy. I was prompted to run ‘migrations up’ and on attempting to restart kong, I get:

2023/03/02 09:42:53 [notice] 1499#0: [lua] license_helpers.lua:155: read_license_info(): [license-helpers] could not decode license JSON: No license found
2023/03/02 09:42:53 [info] 1499#0: [lua] licensing.lua:238: update(): [licensing] license type: free
2023/03/02 09:42:53 [notice] 1499#0: [lua] license_helpers.lua:155: read_license_info(): [license-helpers] could not decode license JSON: No license found
2023/03/02 09:42:53 [info] 1499#0: [lua] utils.lua:158: set_region(): set AWS auto-detected region to 'nil' with error msg: unable to detect AWS region, all options failed
2023/03/02 09:42:53 [warn] 1499#0: [kong] [C]:-1 [Penlight 1.13.1] the contents of module 'pl.xml' has been deprecated, please use a more specialized library instead (deprecated after 1.11.0, scheduled for removal in 2.0.0)
2023/03/02 09:42:53 [error] 1499#0: init_by_lua error: /usr/local/share/lua/5.1/kong/tools/utils.lua:707: error loading module 'kong.plugins.saml.handler':
./saml/utils/xmlcatalog.lua:21: file 'xml/xsd/saml-metadata.xml' not found:
	could not recognize @./saml/utils/xmlcatalog.lua as a LuaRocks module
	can't open ./saml/utils/xml/xsd/saml-metadata.xml: ./saml/utils/xml/xsd/saml-metadata.xml: No such file or directory
	can't open /usr/share/xml/xsd/saml-metadata.xml: /usr/share/xml/xsd/saml-metadata.xml: No such file or directory
	can't open /usr/lib/xml/xsd/saml-metadata.xml: /usr/lib/xml/xsd/saml-metadata.xml: No such file or directory
	can't open ./xml/xsd/saml-metadata.xml: ./xml/xsd/saml-metadata.xml: No such file or directory
stack traceback:
	[C]: in function 'assert'
	./saml/utils/xmlcatalog.lua:21: in function 'load'
	./saml/saml.lua:25: in main chunk
	[C]: in function 'require'
	./saml/handler.lua:22: in main chunk
	[C]: at 0x7fc1e42483f0
	[C]: in function 'xpcall'
	/usr/local/share/lua/5.1/kong/tools/utils.lua:698: in function 'load_module_if_exists'
	/usr/local/share/lua/5.1/kong/db/dao/plugins.lua:206: in function 'load_plugin_handler'
	/usr/local/share/lua/5.1/kong/db/dao/plugins.lua:313: in function 'load_plugin'
	/usr/local/share/lua/5.1/kong/db/dao/plugins.lua:365: in function 'load_plugin_schemas'
	/usr/local/share/lua/5.1/kong/init.lua:705: in function 'init'
	init_by_lua:3: in main chunk
stack traceback:
	[C]: in function 'error'
	/usr/local/share/lua/5.1/kong/tools/utils.lua:707: in function 'load_module_if_exists'
	/usr/local/share/lua/5.1/kong/db/dao/plugins.lua:206: in function 'load_plugin_handler'
	/usr/local/share/lua/5.1/kong/db/dao/plugins.lua:313: in function 'load_plugin'
	/usr/local/share/lua/5.1/kong/db/dao/plugins.lua:365: in function 'load_plugin_schemas'
	/usr/local/share/lua/5.1/kong/init.lua:705: in function 'init'
	init_by_lua:3: in main chunk

How do I resolve this?

I should add this fails when starting as a daemon under systemctl. Kong starts when running manually. I discover I now have to add User/Group=root to the [Service] section to start without failing whereas this was not needed before.

Hi @Chris_Powell, the need to run as root should be addressed with Kong 3.2.2.0.

Thanks,

Fel.

The issue is still there with 3.2.2.0, starting the service as root temporarily solves it.

After that it automatically downgraded to Kong user so I don’t think it will create any security issue… just a workaround for now