Agree with your comments, I think. A clarification - the ForceAuthn
would only apply for the session for which the SP makes the ForceAuthn
request, not all sessions.
ForceAuthn only applies to the particular AuthnRequest that is sent to
the IdP. It has no direct impact on other IdP interactions (although it
will likely have the indirect effect of altering the assertion returned
for subsequent AuthnRequests to that IdP within that IdP's user session
since the AuthenticationInstant and perhaps context will have changed).
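
The behaviour described in this reply, as an added example that is not part of the original message: a simplified, hypothetical model of one user's session at the IdP, in Python. The `IdPUserSession` class, the request IDs and the integer timestamps are constructed for illustration, and the requests assume the SAML 2.0 form in which ForceAuthn is a boolean attribute of the AuthnRequest.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

NS = "urn:oasis:names:tc:SAML:2.0:protocol"

def make_request(req_id: str, force: Optional[str] = None) -> str:
    """Build a constructed, unsigned AuthnRequest for the demo."""
    attr = f' ForceAuthn="{force}"' if force is not None else ""
    return f'<samlp:AuthnRequest xmlns:samlp="{NS}" ID="{req_id}"{attr}/>'

@dataclass
class IdPUserSession:
    """Hypothetical, simplified model of one user's session at the IdP."""
    authentication_instant: Optional[int] = None  # time of last real login

    def handle(self, authn_request_xml: str, now: int) -> dict:
        root = ET.fromstring(authn_request_xml)
        # ForceAuthn is an xs:boolean on this one request; absent means false.
        force = root.get("ForceAuthn", "false").strip() in ("true", "1")
        # Challenge the user only when no session exists yet or when this
        # particular request asks for it. The flag is not stored anywhere.
        challenged = self.authentication_instant is None or force
        if challenged:
            self.authentication_instant = now
        return {
            "in_response_to": root.get("ID"),
            "challenged": challenged,
            "authentication_instant": self.authentication_instant,
        }

def demo() -> list:
    session = IdPUserSession()
    return [
        session.handle(make_request("sp-a-1"), now=100),          # first login
        session.handle(make_request("sp-b-1"), now=200),          # plain SSO
        session.handle(make_request("sp-a-2", "true"), now=300),  # forced
        session.handle(make_request("sp-b-2"), now=400),          # plain SSO again
    ]

if __name__ == "__main__":
    for response in demo():
        print(response)
```

The last request carries no ForceAuthn and the user is not challenged, yet its assertion reports the instant set by the forced request before it.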