Enrolling with Platform Single Sign-on ( Implementing Platform SSO during device enrollment )

Hi Apple Team & Community,

The new Introduction of Platform SSO during ADE Enrollment is Great And we tried implementing this. As a Rule mentioned in the Documentation Initially MDM Server should send 403 response with Response Body adhering to ErrorCodePlatformSSORequired when HTTP Header for MachineInfo request contains MDM_CAN_REQUEST_PSSO_CONFIG and set to true

There are contradictory claims mentioned in Document,

1. In Process Platform SSO Required Response it is mentioned that MDM Server should send body as JSON Object for ErrorCodePlatformSSORequired Example below

>>>>> Response
HTTP/1.1 403 Forbidden
Content-Type: application/json
Content-Length: 558

{
    "code": "com.apple.psso.required",
    "description": "MDM Server requires the user to authenticate with Identity Provider - BY MEMDM",
    "message": "The MDM server requires you to authenticate with your Identity Provider. Please follow the instructions provided by your organization to complete the authentication process - BY MEMDM",
    "details": {
        "Package": {
            "ManifestURL": "https://platform-sso-node-server.vercel.app:443/manifest"
        },
        "ProfileURL": "https://platform-sso-node-server.vercel.app:443/profile",
        "AuthURL": "https://platform-sso-node-server.vercel.app:443/auth"
    }
}

1. But in the same Document a Sample HTTP Response was Provided but seems to be XML format as below

>>>>> Response
HTTP/1.1 403 Forbidden
Content-Type: application/xml
Content-Length: 601


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Code</key>
    <string>com.apple.psso.required</string>
    <key>Details</key>
    <dict>
        <key>ProfileURL</key>
        <string>https://mdmserver.example.com/psso.mobileconfig</string>
        <key>Package</key>
        <dict>
            <key>ManifestURL</key>
            <string>https://mdmserver.example.com/psso-app.plist</string>
        </dict>
        <key>AuthURL</key>
        <string>https://idp.example.com/authenticate</string>
    </dict>
</dict>
</plist>

From Github I assume that both Response Types are welcomed hence I tried with Both

1. Followed in JSON Mode, I redirected the HTTP request if MachineInfo contains MDM_CAN_REQUEST_PSSO_CONFIG and set to true to https://platform-sso-node-server.vercel.app/redirectedDEPJSON

2. Followed in XML Mode, I redirected the HTTP request if MachineInfo contains MDM_CAN_REQUEST_PSSO_CONFIG and set to true to https://platform-sso-node-server.vercel.app/redirectedDEPXML

In both Response Modes OS is not proceeding after and a error Stating Enrollment with Management Server Failed , Forbidden request (403) appears

Can someone kindly guide on where I missed, or is this any OS Bug in Tahoe 26?