When a single identity provider authenticates to multiple service providers, all the assertions are signed by using a common signing key. The assertions are also decrypted by using a common encryption key. Using a single certificate can lead to a vulnerability for all the service providers.
For example, if the common signing or encryption cert is compromised, the information can be used on multiple service providers to potentially gather information.
To mitigate this risk, you can use a single signing and encryption certificate for each service provider.
To define signing and encryption certificate for a service provider, see Section 13.4.4, Managing the Keys, Certificates, and Trust Stores