Just to clarify the communication...
The IAP will use ACLs and act as a Man-in-the-Middle to capture your HTTP/HTTPS request and redirect you via HTTP/HTTPS to the captive portal hosted on ClearPass. Once you click "Login", ClearPass will perform an HTTP/HTTPS Post back to the IAP. The IAP then generates the RADIUS request which hits Clearpass Policy Manager and the authentication is successful / fails from there.
So the flow goes back and forth a couple times, but I'm glad you were able to diagnose this as a connectivity issue.