diff --git a/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/keycloak-env.sh b/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/keycloak-env.sh
index 7762aa6af842..3b8ef9cdc2f4 100644
--- a/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/keycloak-env.sh
+++ b/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/keycloak-env.sh
@@ -34,6 +34,7 @@ keycloak_env_vars=(
     KEYCLOAK_CACHE_TYPE
     KEYCLOAK_CACHE_STACK
     KEYCLOAK_EXTRA_ARGS
+    KEYCLOAK_EXTRA_ARGS_PREPENDED
     KEYCLOAK_ENABLE_STATISTICS
     KEYCLOAK_ENABLE_TLS
     KEYCLOAK_TLS_TRUSTSTORE_FILE
@@ -108,6 +109,7 @@ export KEYCLOAK_INIT_MAX_RETRIES="${KEYCLOAK_INIT_MAX_RETRIES:-10}"
 export KEYCLOAK_CACHE_TYPE="${KEYCLOAK_CACHE_TYPE:-ispn}"
 export KEYCLOAK_CACHE_STACK="${KEYCLOAK_CACHE_STACK:-}"
 export KEYCLOAK_EXTRA_ARGS="${KEYCLOAK_EXTRA_ARGS:-}"
+export KEYCLOAK_EXTRA_ARGS_PREPENDED="${KEYCLOAK_EXTRA_ARGS_PREPENDED:-}"
 export KEYCLOAK_ENABLE_STATISTICS="${KEYCLOAK_ENABLE_STATISTICS:-false}"
 export KEYCLOAK_ENABLE_TLS="${KEYCLOAK_ENABLE_TLS:-false}"
 export KEYCLOAK_TLS_TRUSTSTORE_FILE="${KEYCLOAK_TLS_TRUSTSTORE_FILE:-}"
diff --git a/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/keycloak/run.sh b/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/keycloak/run.sh
index 3c54f0e00911..7365fb4c961d 100755
--- a/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/keycloak/run.sh
+++ b/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/keycloak/run.sh
@@ -21,7 +21,15 @@ conf_file="${KEYCLOAK_CONF_DIR}/${KEYCLOAK_CONF_FILE}"
 
 is_boolean_yes "$KEYCLOAK_PRODUCTION" && start_param="start" || start_param="start-dev"
 
-start_command=("${KEYCLOAK_BIN_DIR}/kc.sh" "-cf" "$conf_file" "$start_param")
+start_command=("${KEYCLOAK_BIN_DIR}/kc.sh" "-cf" "$conf_file")
+
+# Prepend extra args
+if [[ -n "$KEYCLOAK_EXTRA_ARGS_PREPENDED" ]]; then
+    read -r -a extra_args_prepended <<<"$KEYCLOAK_EXTRA_ARGS_PREPENDED"
+    start_command+=("${extra_args_prepended[@]}")
+fi
+
+start_command+=("$start_param")
 
 # Add extra args
 if [[ -n "$KEYCLOAK_EXTRA_ARGS" ]]; then
diff --git a/bitnami/keycloak/README.md b/bitnami/keycloak/README.md
index 8c305623e115..7eae13a1be2e 100644
--- a/bitnami/keycloak/README.md
+++ b/bitnami/keycloak/README.md
@@ -111,6 +111,14 @@ $ docker run --name keycloak \
   bitnami/keycloak:latest
 ```
 
+Or, if you need flags which are applied directly to keycloak executable, you can use `KEYCLOAK_EXTRA_ARGS_PREPENDED` variable. Example:
+
+```console
+$ docker run --name keycloak \
+  -e KEYCLOAK_EXTRA_ARGS_PREPENDED="--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true" \
+  bitnami/keycloak:latest
+```
+
 ### Initializing a new instance
 
 When the container is launched, it will execute the files with extension `.sh` located at `/docker-entrypoint-initdb.d`.