SAML Question: If the backend/"shadow" account in AD has an expired password, will a SAML logon still work since it's using the SmartcardLogon certificate and not the AD password?

Nope