The Ticket Solution referred to is more like a traditional authentication system (like Kerberos). I'm not an expert in this field, but as I understand it, this would be equivalent to connecting to a third party version of LDAP for a Windows single sign on.
The session solution is where you use the browser session cookie to authenticate against. I've implemented several website OEM solutions using the the session solution. If your mashup object is going to sit in a web page, then I would recommend giving this one a go.
Reading the doc you mentioned again, I would say that the 'identity provider' can be considered to be your website. You will have set up a UDC that looks at the website users and pulled them across under a specific user directory. When someone logs into your platform and is given a session ID in a cookie and then navigates to the object in question (<qs_url>/<directory>/<single_object_guid>), then the QPS sends a request to your 'authentication module, (aka the code you've written to handle the above session module API). As mentioned above, your code will take the session ID sent by the QPS and return a GET request with the userID, if you get a null response, then you can send an ADD request. As long as the userID is valid and has a valid user or login token, QlikSense will grant a new session to that user.
At least, this is how we're doing it. I think there is more than one way to do this solution in QlikSense.