After upgrading Zowe V3.0 from version V1.5,

The Zowe STC starts successfully but login to Zowe Desktop or API catalog URLs began to fail,

Following messages are issued in the server sysout:

ZWES1606W Failed to get JWK. rc=failed to init HTTP request (9), rsn=Connect failed (6). Retry in 10 seconds
.../...
error parsing JSON response
.../...
YYYY-MM-DD hh:mm:ss.sss <ZWED:235> BPXROOT WARN (_zsf.auth,webauth.js:378) ZWED0003W - User=undefined (org.zowe.zlux.auth.safsso): Session authenticate failed
ZWES1606W Failed to get JWK. rc=HTTP response error (2), rsn=Unknown reason (0). Retry in 10 seconds

From the Web-browser user get error "Authentication failed for 3 types. Types: ["saf","apiml","zss"] org.zowe.zlux.auth.safsso: APIML 500" 

Zowe 3.0

There was change in Zowe v 3.0 with JWT and z/OSMF that could be responsible for your issue.

"jwtAutoconfiguration" default value was changed from "auto" to "jwt".

There is two options to resolve this issue:

1. If JWT is enable, the value "auto" is no longer supported
   Note:
   For version of z/OS before 3.1, validate that the PH12143 APAR was applied to the z/OSMF installation used by Zowe. 
2. If JWT support is not enabled, make sure that you set the value of components.gateway.apiml.security.auth.zosmf.jwtAutoconfiguration to "ltpa".
   Note:
   The "ltpa" option cannot be used with hardware accelerated ICSF Keyrings. 
    

Also in Zowe YAML references to safkeyring use 2 slashes, not 4, such as safkeyring:// instead of safkeyring:////.