SAML Service Provider without User Directory configuration

Article ID: 282177


Products

SITEMINDER CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction


When CA Access Gateway (SPS) for Federation Services is run as the Service Provider (SP), is it possible to operate the SP side without configuring a User Directory?

 

Resolution


No. This is not possible, because federation depends on both partners agreeing on how the user's identity is shared and resolved.

The Identity Provider (IdP) and the Service Provider (SP) define together, as part of their partnership, how the user will be located on each side. This is how federation is built: the IdP authenticates the user against its own directory and asserts an identifier, and the SP must map that asserted identifier onto a local user record.

Both sides therefore need a User Directory in which the user can be found:

     Account linking can be used for browser-based single sign-on, where
     each partner maintains separate user accounts for the same user. (1)

     Partnership federation looks up entries in a user directory to
     verify identities and retrieve user attributes for a given
     principal. At the asserting party, the federation partner
     generates assertions for the appropriate users, and authenticates
     each user against a user directory. At the relying party, the
     federation partner extracts the necessary information from an
     assertion and looks in the user directory for the appropriate
     user record. (2)
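The relying-party step described in (2), extracting the principal from the assertion and looking it up in the SP's user directory, is shown below as an added illustration. This is generic Python written for this article, not SiteMinder/CA Access Gateway code; the assertion, the directory contents and the function names are constructed for the example. It assumes signature, Issuer and Conditions validation has already been done, and shows only why the lookup cannot proceed without a directory.

```python
import xml.etree.ElementTree as ET
from typing import Dict, Optional, Tuple

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from any real IdP); unsigned and
# reduced to the Subject and AttributeStatement that the SP-side lookup uses.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="department">
      <saml:AttributeValue>finance</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed stand-in for the SP's User Directory (an LDAP or database in
# practice). Keyed by the attribute the partnership agreed to match on: mail.
SP_USER_DIRECTORY = {
    "alice@example.com": {"uid": "alice", "roles": ["finance-readonly"]},
    "bob@example.com": {"uid": "bob", "roles": []},
}


def extract_principal(assertion_xml: str) -> Tuple[str, Dict[str, str]]:
    """Return the NameID value and a flat attribute map from an assertion.

    A real SP must first verify the XML signature, the Issuer, the Conditions
    (NotBefore/NotOnOrAfter, AudienceRestriction) and replay state. This
    example assumes those checks already passed and shows only the lookup.
    """
    root = ET.fromstring(assertion_xml)
    name_id = root.find("saml:Subject/saml:NameID", SAML_NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion carries no Subject/NameID")
    attrs: Dict[str, str] = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        value = attr.find("saml:AttributeValue", SAML_NS)
        attrs[attr.get("Name", "")] = (value.text or "").strip() if value is not None else ""
    return name_id.text.strip(), attrs


def resolve_local_user(assertion_xml: str, directory: Optional[dict]) -> Optional[dict]:
    """Map the asserted principal onto a local account.

    Returns None when no local record matches the NameID, and raises when
    the SP has no directory at all, because there is then nothing to link
    the federated identity to.
    """
    if directory is None:
        raise RuntimeError("SP has no user directory configured; cannot link principal")
    name_id, attrs = extract_principal(assertion_xml)
    record = directory.get(name_id)
    if record is None:
        return None
    return {"uid": record["uid"], "roles": record["roles"], "federated_attrs": attrs}
```

Run against the sample, `resolve_local_user(SAMPLE_ASSERTION, SP_USER_DIRECTORY)` returns alice's local record; an assertion for a NameID that is not in the directory yields no session, and passing no directory fails before the assertion is even parsed, which is the situation the question asks about.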

 

Additional Information