As others have previously pointed out, an SP could request an
appropriate minimum authentication context when making the
authentication request. That context could specify that a direct user
interaction is made by the IdP. Such a usage would preclude the use of
cached credentials by the IdP, and force it to either interact with
the user or return a failure code to the SP.

Of course, this only solves the issue of credentials cached at the IdP.
The credentials could also be cached at the client (I certainly do it
for username/password authentication through my browser, even at those
sites that try to disable it). However, I think that solving the
caching at the client problem might be out of scope for the SSTC, if it
is really solvable at all.
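The IdP-side half of the mechanism described above, as an added example that is not part of the original post: an SP builds an AuthnRequest asking for at least a given authentication context, then refuses the returned assertion unless the IdP either reported an acceptable context with a recent AuthnInstant or returned a failure status. Element, attribute and URN names are the SAML 2.0 ones; the function names, the five-minute freshness window, the SP's accepted-class list and the sample Response are assumptions made for this illustration.

```python
# Added example: SP-side request/response handling for a minimum authentication
# context. Function names, the freshness window and sample_response() are
# assumptions for illustration; signature checking is omitted on purpose.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def build_authn_request(issuer, min_class=PPT, force=True):
    """AuthnRequest with RequestedAuthnContext Comparison="minimum"; ForceAuthn
    additionally tells the IdP not to satisfy the request from a cached session."""
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)
    req = ET.Element(f"{{{NS['samlp']}}}AuthnRequest", ID="_r1", Version="2.0",
                     IssueInstant=datetime.now(timezone.utc).isoformat(),
                     ForceAuthn="true" if force else "false")
    ET.SubElement(req, f"{{{NS['saml']}}}Issuer").text = issuer
    rac = ET.SubElement(req, f"{{{NS['samlp']}}}RequestedAuthnContext", Comparison="minimum")
    ET.SubElement(rac, f"{{{NS['saml']}}}AuthnContextClassRef").text = min_class
    return ET.tostring(req, encoding="unicode")

def check_response(xml, accepted, max_age=timedelta(minutes=5), now=None):
    """Return (ok, reason). `accepted` is the SP's own list of context classes that
    meet its minimum; a stale AuthnInstant means the IdP reused an old session."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml)
    code = root.find("samlp:Status/samlp:StatusCode", NS).get("Value")
    if code != SUCCESS:
        return False, f"IdP declined: {code}"      # e.g. ...:status:NoAuthnContext
    stmt = root.find("saml:Assertion/saml:AuthnStatement", NS)
    if stmt is None:
        return False, "no AuthnStatement"
    cls = stmt.findtext("saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS)
    if cls not in accepted:
        return False, f"context {cls} does not meet minimum"
    instant = datetime.fromisoformat(stmt.get("AuthnInstant").replace("Z", "+00:00"))
    if now - instant > max_age:
        return False, "AuthnInstant too old: cached authentication reused"
    return True, "fresh authentication with acceptable context"

def sample_response(age_seconds=0, cls=PPT, code=SUCCESS):
    """Constructed, unsigned IdP Response whose AuthnInstant is age_seconds old."""
    instant = (datetime.now(timezone.utc) - timedelta(seconds=age_seconds)).isoformat()
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
  <samlp:Status><samlp:StatusCode Value="{code}"/></samlp:Status>
  <saml:Assertion><saml:AuthnStatement AuthnInstant="{instant}">
    <saml:AuthnContext><saml:AuthnContextClassRef>{cls}</saml:AuthnContextClassRef></saml:AuthnContext>
  </saml:AuthnStatement></saml:Assertion></samlp:Response>"""
```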