Tim, unfortunately this didn't solve it.
In the WEBAUTH request - it's missing the NAD-ip address, but has the client-mac-address
In the RADIUS request - it's missing the mac-address as it's neither in Radius:Calling-station-id or username, but has most other information.
Also - after disconnecting or bouncing the VPN client using either session-timout in the Radius or Agent:Bounce in the WEBAUTH, the following Radius has no pointer of cached session to use for Posture status.
This from access tracker
WEBAUTH
[RequestHandler-1-0x7fc4909e4700 r=psauto-1476688476-2799 h=135 r=W00000022-01-58086c76] WARN Common.TagDefinitionCacheTable - Failed to build TagDefinitionMap. Unknown NadClient for Id=0
Radius debug log
2016-10-20 09:03:46,949 [RequestHandler-1-0x7fc4909e4700 r=psauto-1476688476-2796 h=135 r=R00000546-01-58086c52] WARN Common.MacAddrAttrProvider - HostMac missing, not populating different mac representations
2016-10-20 09:03:46,950 [RequestHandler-1-0x7fc4909e4700 h=25022 c=R00000546-01-58086c52] WARN REC.EvaluatorCtx - Prerequisites set is empty, not populating the Request Map
2016-10-20 09:03:46,953 [RequestHandler-1-0x7fc4909e4700 r=R00000546-01-58086c52 h=25025 c=R00000546-01-58086c52] ERROR Core.PETaskPolicyResult - handleHttpResponseEv: All policy result cache lookups failed
2016-10-20 09:03:46,954 [RequestHandler-1-0x7fc4909e4700 h=25031 c=R00000546-01-58086c52] WARN Core.PETaskPostAuthEnfProfileBuilder - No client macaddress found in the request
2016-10-20 09:03:46,954 [RequestHandler-1-0x7fc4909e4700 h=25031 c=R00000546-01-58086c52] WARN Core.PETaskPostAuthEnfProfileBuilder - startHandler: Failed to fetch NAutz attributes
So... If not with Cisco ASA - have you done this successfully through other VPN gateways? As in "Authentication with Posture assessment on xxx VPN client using xxx VPN gateway with Clearpass and Onguard" ?