diff --git a/microprofile/jwt-auth/src/main/java/io/helidon/microprofile/jwt/auth/JwtAuthProvider.java b/microprofile/jwt-auth/src/main/java/io/helidon/microprofile/jwt/auth/JwtAuthProvider.java
index 7223c2f8a81..362a815b812 100644
--- a/microprofile/jwt-auth/src/main/java/io/helidon/microprofile/jwt/auth/JwtAuthProvider.java
+++ b/microprofile/jwt-auth/src/main/java/io/helidon/microprofile/jwt/auth/JwtAuthProvider.java
@@ -247,7 +247,7 @@ AuthenticationResponse authenticate(ProviderRequest providerRequest, LoginConfig
SignedJwt signedJwt;
try {
headers = JwtHeaders.parseToken(token);
- if (headers.encryption().isPresent()) {
+ if (headers.encryption().isPresent() || decryptionKeys.get() != null) {
EncryptedJwt encryptedJwt = EncryptedJwt.parseToken(headers, token);
if (!headers.contentType().map("JWT"::equals).orElse(false)) {
throw new JwtException("Header \"cty\" (content type) must be set to \"JWT\" "
diff --git a/microprofile/tests/tck/tck-jwt-auth/tck-base-suite.xml b/microprofile/tests/tck/tck-jwt-auth/tck-base-suite.xml
index 659777dae17..c6106336d56 100644
--- a/microprofile/tests/tck/tck-jwt-auth/tck-base-suite.xml
+++ b/microprofile/tests/tck/tck-jwt-auth/tck-base-suite.xml
@@ -58,12 +58,6 @@
-
-
-
-
-
-