As per my understanding of the issue, i see that the script does not run when Anyconnect is launched using portal.
It can be related to a difficulty finding the profiles at times.
This is usually a result of not having a hostname and hostaddress configured in the existing profile. I think it may be a good idea to add
these values to your existing profile so we land on the right xml profile the first time.
Try to add the host entry as with fqdn of ASA.
And let me know if it helps.
For clearing up the credentials in the dialog box when using AnyConnect I found one of the bug:-
User credentials are cached in preferences.xml file when using Anyconnect client. So when they relaunch Anyconnect, the username appears in the client.
This is seen in all anyconnect clients. This is a configurable option in the IPSec client.
Currently there is no workaround
And i can see it is resolved in 2.4.202 however i am not sure if its resolved in 2.5 also. For this i would like to hear from others.