Kong fails with: error loading module 'kong.plugins.saml.handler'

Chris_Powell · March 2, 2023, 9:52am

I am using v3.2.1 on ubuntu jammy. I was prompted to run ‘migrations up’ and on attempting to restart kong, I get:

2023/03/02 09:42:53 [notice] 1499#0: [lua] license_helpers.lua:155: read_license_info(): [license-helpers] could not decode license JSON: No license found
2023/03/02 09:42:53 [info] 1499#0: [lua] licensing.lua:238: update(): [licensing] license type: free
2023/03/02 09:42:53 [notice] 1499#0: [lua] license_helpers.lua:155: read_license_info(): [license-helpers] could not decode license JSON: No license found
2023/03/02 09:42:53 [info] 1499#0: [lua] utils.lua:158: set_region(): set AWS auto-detected region to 'nil' with error msg: unable to detect AWS region, all options failed
2023/03/02 09:42:53 [warn] 1499#0: [kong] [C]:-1 [Penlight 1.13.1] the contents of module 'pl.xml' has been deprecated, please use a more specialized library instead (deprecated after 1.11.0, scheduled for removal in 2.0.0)
2023/03/02 09:42:53 [error] 1499#0: init_by_lua error: /usr/local/share/lua/5.1/kong/tools/utils.lua:707: error loading module 'kong.plugins.saml.handler':
./saml/utils/xmlcatalog.lua:21: file 'xml/xsd/saml-metadata.xml' not found:
	could not recognize @./saml/utils/xmlcatalog.lua as a LuaRocks module
	can't open ./saml/utils/xml/xsd/saml-metadata.xml: ./saml/utils/xml/xsd/saml-metadata.xml: No such file or directory
	can't open /usr/share/xml/xsd/saml-metadata.xml: /usr/share/xml/xsd/saml-metadata.xml: No such file or directory
	can't open /usr/lib/xml/xsd/saml-metadata.xml: /usr/lib/xml/xsd/saml-metadata.xml: No such file or directory
	can't open ./xml/xsd/saml-metadata.xml: ./xml/xsd/saml-metadata.xml: No such file or directory
stack traceback:
	[C]: in function 'assert'
	./saml/utils/xmlcatalog.lua:21: in function 'load'
	./saml/saml.lua:25: in main chunk
	[C]: in function 'require'
	./saml/handler.lua:22: in main chunk
	[C]: at 0x7fc1e42483f0
	[C]: in function 'xpcall'
	/usr/local/share/lua/5.1/kong/tools/utils.lua:698: in function 'load_module_if_exists'
	/usr/local/share/lua/5.1/kong/db/dao/plugins.lua:206: in function 'load_plugin_handler'
	/usr/local/share/lua/5.1/kong/db/dao/plugins.lua:313: in function 'load_plugin'
	/usr/local/share/lua/5.1/kong/db/dao/plugins.lua:365: in function 'load_plugin_schemas'
	/usr/local/share/lua/5.1/kong/init.lua:705: in function 'init'
	init_by_lua:3: in main chunk
stack traceback:
	[C]: in function 'error'
	/usr/local/share/lua/5.1/kong/tools/utils.lua:707: in function 'load_module_if_exists'
	/usr/local/share/lua/5.1/kong/db/dao/plugins.lua:206: in function 'load_plugin_handler'
	/usr/local/share/lua/5.1/kong/db/dao/plugins.lua:313: in function 'load_plugin'
	/usr/local/share/lua/5.1/kong/db/dao/plugins.lua:365: in function 'load_plugin_schemas'
	/usr/local/share/lua/5.1/kong/init.lua:705: in function 'init'
	init_by_lua:3: in main chunk

How do I resolve this?

Chris_Powell · March 3, 2023, 10:11am

I should add this fails when starting as a daemon under systemctl. Kong starts when running manually. I discover I now have to add User/Group=root to the [Service] section to start without failing whereas this was not needed before.

Fel · March 15, 2023, 11:22pm

Hi @Chris_Powell, the need to run as root should be addressed with Kong 3.2.2.0.

Thanks,

Fel.

minhng99 · March 18, 2023, 1:20pm

The issue is still there with 3.2.2.0, starting the service as root temporarily solves it.

After that it automatically downgraded to Kong user so I don’t think it will create any security issue… just a workaround for now